diff options
| author | Nils Adermann <naderman@naderman.de> | 2010-03-02 01:05:34 +0100 |
|---|---|---|
| committer | Nils Adermann <naderman@naderman.de> | 2010-03-02 01:05:34 +0100 |
| commit | 89b37954f994a7cd517553d2d16686f91dcaae72 (patch) | |
| tree | b20e25768bc55be250454c439ffee08ce2981031 /phpBB/includes | |
| parent | 07633a66e8c9bbb2b288a286bfbea6f562eeca4d (diff) | |
| parent | 80d429a02d26da1f00777e62a0268d83f581f598 (diff) | |
| download | forums-89b37954f994a7cd517553d2d16686f91dcaae72.tar forums-89b37954f994a7cd517553d2d16686f91dcaae72.tar.gz forums-89b37954f994a7cd517553d2d16686f91dcaae72.tar.bz2 forums-89b37954f994a7cd517553d2d16686f91dcaae72.tar.xz forums-89b37954f994a7cd517553d2d16686f91dcaae72.zip | |
Merge commit 'release-3.0-B4'
Diffstat (limited to 'phpBB/includes')
73 files changed, 1450 insertions, 927 deletions
diff --git a/phpBB/includes/acp/acp_ban.php b/phpBB/includes/acp/acp_ban.php index a4e860b7bc..44ab731072 100644 --- a/phpBB/includes/acp/acp_ban.php +++ b/phpBB/includes/acp/acp_ban.php @@ -126,7 +126,7 @@ class acp_ban AND u.user_id = b.ban_userid AND b.ban_userid <> 0 AND u.user_id <> ' . ANONYMOUS . ' - ORDER BY u.username ASC'; + ORDER BY u.username_clean ASC'; break; case 'ip': diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php index e4ea02ad4d..dd1897ecbd 100644 --- a/phpBB/includes/acp/acp_bbcodes.php +++ b/phpBB/includes/acp/acp_bbcodes.php @@ -76,7 +76,7 @@ class acp_bbcodes $bbcode_match = request_var('bbcode_match', ''); $bbcode_tpl = htmlspecialchars_decode(request_var('bbcode_tpl', '')); - $bbcode_helpline = request_var('bbcode_helpline', ''); + $bbcode_helpline = request_var('bbcode_helpline', '', true); break; } @@ -128,13 +128,17 @@ class acp_bbcodes $db->sql_freeresult($result); // Grab the end, interrogate the last closing tag - preg_match('#\[/([^[]*)]$#', $bbcode_match, $regs); - if ($info['test'] === '1' || in_array(strtolower($data['bbcode_tag']), $hard_coded) || in_array(strtolower($regs[1]), $hard_coded)) + if ($info['test'] === '1' || in_array(strtolower($data['bbcode_tag']), $hard_coded) || (preg_match('#\[/([^[]*)]$#', $bbcode_match, $regs) && in_array(strtolower($regs[1]), $hard_coded))) { trigger_error($user->lang['BBCODE_INVALID_TAG_NAME'] . adm_back_link($this->u_action), E_USER_WARNING); } } + if (!preg_match('#\[' . $data['bbcode_tag'] .'].*?\[/' . $data['bbcode_tag'] . ']#s', $bbcode_match)) + { + trigger_error($user->lang['BBCODE_OPEN_ENDED_TAG'] . adm_back_link($this->u_action), E_USER_WARNING); + } + $sql_ary = array( 'bbcode_tag' => $data['bbcode_tag'], 'bbcode_match' => $bbcode_match, @@ -238,7 +242,7 @@ class acp_bbcodes $sql = 'SELECT * FROM ' . BBCODES_TABLE . ' - ORDER BY bbcode_id'; + ORDER BY bbcode_tag'; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 84cc8ddd1c..a04ad9dc0f 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -47,7 +47,7 @@ class acp_board 'override_user_style' => array('lang' => 'OVERRIDE_STYLE', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'legend2' => 'WARNINGS', - 'warnings_expire_days' => array('lang' => 'WARNINGS_EXPIRE', 'validate' => 'int', 'type' => 'text:3:4', 'explain' => true), + 'warnings_expire_days' => array('lang' => 'WARNINGS_EXPIRE', 'validate' => 'int', 'type' => 'text:3:4', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']), ) ); break; @@ -91,8 +91,8 @@ class acp_board 'allow_avatar_remote' => array('lang' => 'ALLOW_REMOTE', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'allow_avatar_upload' => array('lang' => 'ALLOW_UPLOAD', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), 'avatar_filesize' => array('lang' => 'MAX_FILESIZE', 'validate' => 'int', 'type' => 'text:4:10', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']), - 'avatar_min' => array('lang' => 'MIN_AVATAR_SIZE', 'validate' => 'int', 'type' => 'dimension:3:4', 'explain' => true), - 'avatar_max' => array('lang' => 'MAX_AVATAR_SIZE', 'validate' => 'int', 'type' => 'dimension:3:4', 'explain' => true), + 'avatar_min' => array('lang' => 'MIN_AVATAR_SIZE', 'validate' => 'int', 'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), + 'avatar_max' => array('lang' => 'MAX_AVATAR_SIZE', 'validate' => 'int', 'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), 'avatar_path' => array('lang' => 'AVATAR_STORAGE_PATH', 'validate' => 'rwpath', 'type' => 'text:20:255', 'explain' => true), 'avatar_gallery_path' => array('lang' => 'AVATAR_GALLERY_PATH', 'validate' => 'rpath', 'type' => 'text:20:255', 'explain' => true) ) @@ -144,7 +144,7 @@ class acp_board 'bump_type' => false, 'edit_time' => array('lang' => 'EDIT_TIME', 'validate' => 'int', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']), 'display_last_edited' => array('lang' => 'DISPLAY_LAST_EDITED', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), - 'flood_interval' => array('lang' => 'FLOOD_INTERVAL', 'validate' => 'int', 'type' => 'text:3:4', 'explain' => true), + 'flood_interval' => array('lang' => 'FLOOD_INTERVAL', 'validate' => 'int', 'type' => 'text:3:4', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']), 'bump_interval' => array('lang' => 'BUMP_INTERVAL', 'validate' => 'int', 'type' => 'custom', 'method' => 'bump_interval', 'explain' => true), 'topics_per_page' => array('lang' => 'TOPICS_PER_PAGE', 'validate' => 'int', 'type' => 'text:3:4', 'explain' => false), 'posts_per_page' => array('lang' => 'POSTS_PER_PAGE', 'validate' => 'int', 'type' => 'text:3:4', 'explain' => false), @@ -153,10 +153,10 @@ class acp_board 'max_post_chars' => array('lang' => 'CHAR_LIMIT', 'validate' => 'int', 'type' => 'text:4:6', 'explain' => true), 'max_post_smilies' => array('lang' => 'SMILIES_LIMIT', 'validate' => 'int', 'type' => 'text:4:4', 'explain' => true), 'max_post_urls' => array('lang' => 'MAX_POST_URLS', 'validate' => 'int', 'type' => 'text:5:4', 'explain' => true), - 'max_post_font_size' => array('lang' => 'MAX_POST_FONT_SIZE', 'validate' => 'int', 'type' => 'text:5:4', 'explain' => true), + 'max_post_font_size' => array('lang' => 'MAX_POST_FONT_SIZE', 'validate' => 'int', 'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), 'max_quote_depth' => array('lang' => 'QUOTE_DEPTH_LIMIT', 'validate' => 'int', 'type' => 'text:4:4', 'explain' => true), - 'max_post_img_width' => array('lang' => 'MAX_POST_IMG_WIDTH', 'validate' => 'int', 'type' => 'text:5:4', 'explain' => true), - 'max_post_img_height' => array('lang' => 'MAX_POST_IMG_HEIGHT', 'validate' => 'int', 'type' => 'text:5:4', 'explain' => true), + 'max_post_img_width' => array('lang' => 'MAX_POST_IMG_WIDTH', 'validate' => 'int', 'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), + 'max_post_img_height' => array('lang' => 'MAX_POST_IMG_HEIGHT', 'validate' => 'int', 'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), ) ); break; @@ -176,10 +176,10 @@ class acp_board 'legend2' => 'GENERAL_SETTINGS', 'max_sig_chars' => array('lang' => 'MAX_SIG_LENGTH', 'validate' => 'int', 'type' => 'text:5:4', 'explain' => true), 'max_sig_urls' => array('lang' => 'MAX_SIG_URLS', 'validate' => 'int', 'type' => 'text:5:4', 'explain' => true), - 'max_sig_font_size' => array('lang' => 'MAX_SIG_FONT_SIZE', 'validate' => 'int', 'type' => 'text:5:4', 'explain' => true), + 'max_sig_font_size' => array('lang' => 'MAX_SIG_FONT_SIZE', 'validate' => 'int', 'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), 'max_sig_smilies' => array('lang' => 'MAX_SIG_SMILIES', 'validate' => 'int', 'type' => 'text:5:4', 'explain' => true), - 'max_sig_img_width' => array('lang' => 'MAX_SIG_IMG_WIDTH', 'validate' => 'int', 'type' => 'text:5:4', 'explain' => true), - 'max_sig_img_height' => array('lang' => 'MAX_SIG_IMG_HEIGHT', 'validate' => 'int', 'type' => 'text:5:4', 'explain' => true), + 'max_sig_img_width' => array('lang' => 'MAX_SIG_IMG_WIDTH', 'validate' => 'int', 'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), + 'max_sig_img_height' => array('lang' => 'MAX_SIG_IMG_HEIGHT', 'validate' => 'int', 'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), ) ); break; @@ -197,7 +197,7 @@ class acp_board 'min_pass_chars' => array('lang' => 'PASSWORD_LENGTH', 'validate' => 'int', 'type' => 'custom', 'method' => 'password_length', 'explain' => true), 'allow_name_chars' => array('lang' => 'USERNAME_CHARS', 'validate' => 'string', 'type' => 'select', 'method' => 'select_username_chars', 'explain' => true), 'pass_complex' => array('lang' => 'PASSWORD_TYPE', 'validate' => 'string', 'type' => 'select', 'method' => 'select_password_chars', 'explain' => true), - 'chg_passforce' => array('lang' => 'FORCE_PASS_CHANGE', 'validate' => 'int', 'type' => 'text:3:3', 'explain' => true), + 'chg_passforce' => array('lang' => 'FORCE_PASS_CHANGE', 'validate' => 'int', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']), 'legend2' => 'GENERAL_OPTIONS', 'allow_namechange' => array('lang' => 'ALLOW_NAME_CHANGE', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), @@ -346,11 +346,7 @@ class acp_board } $this->new_config = $config; - $cfg_array = (isset($_REQUEST['config'])) ? request_var('config', array('' => ''), true) : $this->new_config; - if (isset($_REQUEST['config'])) - { - utf8_normalize_nfc(&$cfg_array); - } + $cfg_array = (isset($_REQUEST['config'])) ? utf8_normalize_nfc(request_var('config', array('' => ''), true)) : $this->new_config; $error = array(); // We validate the complete config if whished diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php index cbd654fbcc..7a8acab445 100644 --- a/phpBB/includes/acp/acp_database.php +++ b/phpBB/includes/acp/acp_database.php @@ -1427,7 +1427,12 @@ class acp_database } $sql_data .= implode(",\n", $rows); - $sql_data .= "\n);\n\n"; + $sql_data .= "\n)"; + if ($db->sql_layer == 'mysql4' || $db->sql_layer == 'mysqli') + { + $sql_data .= ' CHARACTER SET `utf8` COLLATE `utf8_bin`'; + } + $sql_data .= ";\n\n"; break; diff --git a/phpBB/includes/acp/acp_disallow.php b/phpBB/includes/acp/acp_disallow.php index adb7270332..70bdf30628 100644 --- a/phpBB/includes/acp/acp_disallow.php +++ b/phpBB/includes/acp/acp_disallow.php @@ -43,7 +43,7 @@ class acp_disallow $sql = 'INSERT INTO ' . DISALLOW_TABLE . ' ' . $db->sql_build_array('INSERT', array('disallow_username' => $disallowed_user)); $db->sql_query($sql); - $cache->destroy('disallowed_usernames'); + $cache->destroy('_disallowed_usernames'); $message = $user->lang['DISALLOW_SUCCESSFUL']; add_log('admin', 'LOG_DISALLOW_ADD', str_replace('%', '*', $disallowed_user)); @@ -63,7 +63,7 @@ class acp_disallow WHERE disallow_id = ' . $disallowed_id; $db->sql_query($sql); - $cache->destroy('disallowed_usernames'); + $cache->destroy('_disallowed_usernames'); add_log('admin', 'LOG_DISALLOW_DELETE'); diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php index 7f4dde7211..fc524e0c75 100644 --- a/phpBB/includes/acp/acp_forums.php +++ b/phpBB/includes/acp/acp_forums.php @@ -524,6 +524,39 @@ class acp_forums } $db->sql_freeresult($result); + // Subforum move options + if ($action == 'edit' && $forum_data['forum_type'] == FORUM_CAT) + { + $subforums_id = array(); + $subforums = get_forum_branch($forum_id, 'children'); + + foreach ($subforums as $row) + { + $subforums_id[] = $row['forum_id']; + } + + $forums_list = make_forum_select($forum_data['parent_id'], $subforums_id); + + $sql = 'SELECT forum_id + FROM ' . FORUMS_TABLE . ' + WHERE forum_type = ' . FORUM_POST . " + AND forum_id <> $forum_id"; + $result = $db->sql_query($sql); + + if ($db->sql_fetchrow($result)) + { + $template->assign_vars(array( + 'S_MOVE_FORUM_OPTIONS' => make_forum_select($forum_data['parent_id'], $subforums_id)) // , false, true, false??? + ); + } + $db->sql_freeresult($result); + + $template->assign_vars(array( + 'S_HAS_SUBFORUMS' => ($forum_data['right_id'] - $forum_data['left_id'] > 1) ? true : false, + 'S_FORUMS_LIST' => $forums_list) + ); + } + $s_show_display_on_index = false; if ($forum_data['parent_id'] > 0) @@ -586,6 +619,8 @@ class acp_forums 'S_SHOW_DISPLAY_ON_INDEX' => $s_show_display_on_index, 'S_FORUM_POST' => ($forum_data['forum_type'] == FORUM_POST) ? true : false, 'S_FORUM_ORIG_POST' => (isset($old_forum_type) && $old_forum_type == FORUM_POST) ? true : false, + 'S_FORUM_ORIG_CAT' => (isset($old_forum_type) && $old_forum_type == FORUM_CAT) ? true : false, + 'S_FORUM_ORIG_LINK' => (isset($old_forum_type) && $old_forum_type == FORUM_LINK) ? true : false, 'S_FORUM_LINK' => ($forum_data['forum_type'] == FORUM_LINK) ? true : false, 'S_FORUM_CAT' => ($forum_data['forum_type'] == FORUM_CAT) ? true : false, 'S_ENABLE_INDEXING' => ($forum_data['enable_indexing']) ? true : false, @@ -615,8 +650,8 @@ class acp_forums $forum_data = $this->get_forum_info($forum_id); $subforums_id = array(); - $subforums = get_forum_branch($forum_id, 'children'); + foreach ($subforums as $row) { $subforums_id[] = $row['forum_id']; @@ -647,6 +682,7 @@ class acp_forums 'FORUM_NAME' => $forum_data['forum_name'], 'S_FORUM_POST' => ($forum_data['forum_type'] == FORUM_POST) ? true : false, + 'S_FORUM_LINK' => ($forum_data['forum_type'] == FORUM_LINK) ? true : false, 'S_HAS_SUBFORUMS' => ($forum_data['right_id'] - $forum_data['left_id'] > 1) ? true : false, 'S_FORUMS_LIST' => $forums_list, 'S_ERROR' => (sizeof($errors)) ? true : false, @@ -801,7 +837,7 @@ class acp_forums */ function update_forum_data(&$forum_data) { - global $db, $user; + global $db, $user, $cache; $errors = array(); @@ -942,6 +978,123 @@ class acp_forums $forum_data_sql['forum_posts'] = $forum_data_sql['forum_topics'] = $forum_data_sql['forum_topics_real'] = $forum_data_sql['forum_last_post_id'] = $forum_data_sql['forum_last_poster_id'] = $forum_data_sql['forum_last_post_time'] = 0; $forum_data_sql['forum_last_poster_name'] = $forum_data_sql['forum_last_poster_colour'] = ''; } + else if ($row['forum_type'] == FORUM_CAT && $forum_data_sql['forum_type'] == FORUM_LINK) + { + // Has subforums? + if ($row['right_id'] - $row['left_id'] > 1) + { + // We are turning a category into a link - but need to decide what to do with the subforums. + $action_subforums = request_var('action_subforums', ''); + $subforums_to_id = request_var('subforums_to_id', 0); + + if ($action_subforums == 'delete') + { + $log_action_forums = 'FORUMS'; + $rows = get_forum_branch($row['forum_id'], 'children', 'descending', false); + + foreach ($rows as $_row) + { + // Do not remove the forum id we are about to change. ;) + if ($_row['forum_id'] == $row['forum_id']) + { + continue; + } + + $forum_ids[] = $_row['forum_id']; + $errors = array_merge($errors, $this->delete_forum_content($_row['forum_id'])); + } + + if (sizeof($errors)) + { + return $errors; + } + + if (sizeof($forum_ids)) + { + $sql = 'DELETE FROM ' . FORUMS_TABLE . ' + WHERE ' . $db->sql_in_set('forum_id', $forum_ids); + $db->sql_query($sql); + + $sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . ' + WHERE ' . $db->sql_in_set('forum_id', $forum_ids); + $db->sql_query($sql); + + $sql = 'DELETE FROM ' . ACL_USERS_TABLE . ' + WHERE ' . $db->sql_in_set('forum_id', $forum_ids); + $db->sql_query($sql); + + // Delete forum ids from extension groups table + $sql = 'SELECT group_id, allowed_forums + FROM ' . EXTENSION_GROUPS_TABLE; + $result = $db->sql_query($sql); + + while ($_row = $db->sql_fetchrow($result)) + { + if (!$_row['allowed_forums']) + { + continue; + } + + $allowed_forums = unserialize(trim($_row['allowed_forums'])); + $allowed_forums = array_diff($allowed_forums, $forum_ids); + + $sql = 'UPDATE ' . EXTENSION_GROUPS_TABLE . " + SET allowed_forums = '" . ((sizeof($allowed_forums)) ? serialize($allowed_forums) : '') . "' + WHERE group_id = {$_row['group_id']}"; + $db->sql_query($sql); + } + $db->sql_freeresult($result); + + $cache->destroy('_extensions'); + } + } + else if ($action_subforums == 'move') + { + if (!$subforums_to_id) + { + return array($user->lang['NO_DESTINATION_FORUM']); + } + + $log_action_forums = 'MOVE_FORUMS'; + + $sql = 'SELECT forum_name + FROM ' . FORUMS_TABLE . ' + WHERE forum_id = ' . $subforums_to_id; + $result = $db->sql_query($sql); + $_row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if (!$_row) + { + return array($user->lang['NO_FORUM']); + } + + $subforums_to_name = $_row['forum_name']; + + $sql = 'SELECT forum_id + FROM ' . FORUMS_TABLE . " + WHERE parent_id = {$row['forum_id']}"; + $result = $db->sql_query($sql); + + while ($_row = $db->sql_fetchrow($result)) + { + $this->move_forum($_row['forum_id'], $subforums_to_id); + } + $db->sql_freeresult($result); + + $sql = 'UPDATE ' . FORUMS_TABLE . " + SET parent_id = $subforums_to_id + WHERE parent_id = {$row['forum_id']}"; + $db->sql_query($sql); + } + + // Adjust the left/right id + $sql = 'UPDATE ' . FORUMS_TABLE . ' + SET right_id = left_id + 1 + WHERE forum_id = ' . $row['forum_id']; + $db->sql_query($sql); + } + } if (sizeof($errors)) { @@ -1533,8 +1686,6 @@ class acp_forums set_config('upload_dir_size', (int) $row['stat'], true); - add_log('admin', 'LOG_RESYNC_STATS'); - return array(); } diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php index 9df1c52d65..e81dc9883f 100644 --- a/phpBB/includes/acp/acp_groups.php +++ b/phpBB/includes/acp/acp_groups.php @@ -54,6 +54,12 @@ class acp_groups { trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING); } + + // Check if the user is allowed to manage this group if set to founder only. + if ($user->data['user_type'] != USER_FOUNDER && $group_row['group_founder_manage']) + { + trigger_error($user->lang['NOT_ALLOWED_MANAGE_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING); + } } // Which page? @@ -214,9 +220,10 @@ class acp_groups } $name_ary = array_unique(explode("\n", $name_ary)); + $group_name = ($group_row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name']; // Add user/s to group - if ($error = group_user_add($group_id, false, $name_ary, $group_row['group_name'], $default, $leader, 0, $group_row)) + if ($error = group_user_add($group_id, false, $name_ary, $group_name, $default, $leader, 0, $group_row)) { trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&action=list&g=' . $group_id), E_USER_WARNING); } @@ -262,13 +269,22 @@ class acp_groups $delete = request_var('delete', ''); $submit_ary = array( - 'colour' => request_var('group_colour', ''), - 'rank' => request_var('group_rank', 0), - 'receive_pm' => isset($_REQUEST['group_receive_pm']) ? 1 : 0, - 'legend' => isset($_REQUEST['group_legend']) ? 1 : 0, - 'message_limit' => request_var('group_message_limit', 0) + 'colour' => request_var('group_colour', ''), + 'rank' => request_var('group_rank', 0), + 'receive_pm' => isset($_REQUEST['group_receive_pm']) ? 1 : 0, + 'legend' => isset($_REQUEST['group_legend']) ? 1 : 0, + 'message_limit' => request_var('group_message_limit', 0), ); + if ($user->data['user_type'] == USER_FOUNDER) + { + $submit_ary['founder_manage'] = isset($_REQUEST['group_founder_manage']) ? 1 : 0; + } + else + { + $submit_ary['founder_manage'] = 0; + } + if (!empty($_FILES['uploadfile']['tmp_name']) || $data['uploadurl'] || $data['remotelink']) { $data['width'] = request_var('width', ''); @@ -328,7 +344,7 @@ class acp_groups // were made. $group_attributes = array(); - $test_variables = array('rank', 'colour', 'avatar', 'avatar_type', 'avatar_width', 'avatar_height', 'receive_pm', 'legend', 'message_limit'); + $test_variables = array('rank', 'colour', 'avatar', 'avatar_type', 'avatar_width', 'avatar_height', 'receive_pm', 'legend', 'message_limit', 'founder_manage'); foreach ($test_variables as $test) { if (isset($submit_ary[$test]) && ($action == 'add' || $group_row['group_' . $test] != $submit_ary[$test])) @@ -434,6 +450,8 @@ class acp_groups if (isset($group_row['group_avatar']) && $group_row['group_avatar']) { + $avatar_img = ''; + switch ($group_row['group_avatar_type']) { case AVATAR_UPLOAD: @@ -444,8 +462,8 @@ class acp_groups $avatar_img = $phpbb_root_path . $config['avatar_gallery_path'] . '/'; break; } - $avatar_img .= $group_row['group_avatar']; + $avatar_img .= $group_row['group_avatar']; $avatar_img = '<img src="' . $avatar_img . '" width="' . $group_row['group_avatar_width'] . '" height="' . $group_row['group_avatar_height'] . '" alt="" />'; } else @@ -482,16 +500,19 @@ class acp_groups 'S_SPECIAL_GROUP' => ($group_type == GROUP_SPECIAL) ? true : false, 'S_DISPLAY_GALLERY' => ($config['allow_avatar_local'] && !$display_gallery) ? true : false, 'S_IN_GALLERY' => ($config['allow_avatar_local'] && $display_gallery) ? true : false, + 'S_USER_FOUNDER' => ($user->data['user_type'] == USER_FOUNDER) ? true : false, 'ERROR_MSG' => (sizeof($error)) ? implode('<br />', $error) : '', 'GROUP_NAME' => ($group_type == GROUP_SPECIAL) ? $user->lang['G_' . $group_name] : $group_name, 'GROUP_INTERNAL_NAME' => $group_name, 'GROUP_DESC' => $group_desc_data['text'], 'GROUP_RECEIVE_PM' => (isset($group_row['group_receive_pm']) && $group_row['group_receive_pm']) ? ' checked="checked"' : '', + 'GROUP_FOUNDER_MANAGE' => (isset($group_row['group_founder_manage']) && $group_row['group_founder_manage']) ? ' checked="checked"' : '', 'GROUP_LEGEND' => (isset($group_row['group_legend']) && $group_row['group_legend']) ? ' checked="checked"' : '', 'GROUP_MESSAGE_LIMIT' => (isset($group_row['group_message_limit'])) ? $group_row['group_message_limit'] : 0, 'GROUP_COLOUR' => (isset($group_row['group_colour'])) ? $group_row['group_colour'] : '', + 'S_DESC_BBCODE_CHECKED' => $group_desc_data['allow_bbcode'], 'S_DESC_URLS_CHECKED' => $group_desc_data['allow_urls'], 'S_DESC_SMILIES_CHECKED'=> $group_desc_data['allow_smilies'], diff --git a/phpBB/includes/acp/acp_inactive.php b/phpBB/includes/acp/acp_inactive.php index 2834d25181..68eeaab5b4 100755 --- a/phpBB/includes/acp/acp_inactive.php +++ b/phpBB/includes/acp/acp_inactive.php @@ -132,7 +132,7 @@ class acp_inactive // Sorting $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('i' => $user->lang['SORT_INACTIVE'], 'j' => $user->lang['SORT_REG_DATE'], 'l' => $user->lang['SORT_LAST_VISIT'], 'r' => $user->lang['SORT_REASON'], 'u' => $user->lang['SORT_USERNAME']); - $sort_by_sql = array('i' => 'user_inactive_time', 'j' => 'user_regdate', 'l' => 'user_lastvisit', 'r' => 'user_inactive_reason', 'u' => 'username'); + $sort_by_sql = array('i' => 'user_inactive_time', 'j' => 'user_regdate', 'l' => 'user_lastvisit', 'r' => 'user_inactive_reason', 'u' => 'username_clean'); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); diff --git a/phpBB/includes/acp/acp_jabber.php b/phpBB/includes/acp/acp_jabber.php index afb2ba329a..d216ff7f9b 100644 --- a/phpBB/includes/acp/acp_jabber.php +++ b/phpBB/includes/acp/acp_jabber.php @@ -148,7 +148,7 @@ class acp_jabber $template->assign_vars(array( 'U_ACTION' => $this->u_action, 'JAB_ENABLE' => $new['jab_enable'], - 'L_JAB_SERVER_EXPLAIN' => sprintf($user->lang['JAB_SERVER_EXPLAIN'], '<a href="http://www.xmpp.net/" rel="external">', '</a>'), + 'L_JAB_SERVER_EXPLAIN' => sprintf($user->lang['JAB_SERVER_EXPLAIN'], '<a href="http://www.jabber.org/">', '</a>'), 'JAB_HOST' => $new['jab_host'], 'JAB_PORT' => $new['jab_port'], 'JAB_USERNAME' => $new['jab_username'], diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php index 61310cff01..6c962d9405 100644 --- a/phpBB/includes/acp/acp_language.php +++ b/phpBB/includes/acp/acp_language.php @@ -107,11 +107,11 @@ class acp_language $hidden_data = build_hidden_fields(array( 'file' => $this->language_file, 'dir' => $this->language_directory, - 'method' => $method, - 'entry' => $_POST['entry']), - true + 'method' => $method) ); + $hidden_data .= build_hidden_fields(array('entry' => $_POST['entry']), true, STRIP); + $template->assign_vars(array( 'S_UPLOAD' => true, 'NAME' => $method, diff --git a/phpBB/includes/acp/acp_logs.php b/phpBB/includes/acp/acp_logs.php index d233d7c885..211b932115 100644 --- a/phpBB/includes/acp/acp_logs.php +++ b/phpBB/includes/acp/acp_logs.php @@ -68,7 +68,7 @@ class acp_logs // Sorting $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']); - $sort_by_sql = array('u' => 'u.username', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation'); + $sort_by_sql = array('u' => 'u.username_clean', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation'); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); @@ -127,8 +127,8 @@ class acp_logs } $template->assign_block_vars('log', array( - 'USERNAME' => $row['username'], - 'REPORTEE_USERNAME' => ($row['reportee_username'] && $row['user_id'] != $row['reportee_id']) ? $row['reportee_username'] : '', + 'USERNAME' => $row['username_full'], + 'REPORTEE_USERNAME' => ($row['reportee_username'] && $row['user_id'] != $row['reportee_id']) ? $row['reportee_username_full'] : '', 'IP' => $row['ip'], 'DATE' => $user->format_date($row['time']), diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php index a321057fa2..d7e327e4d3 100644 --- a/phpBB/includes/acp/acp_main.php +++ b/phpBB/includes/acp/acp_main.php @@ -324,7 +324,7 @@ class acp_main foreach ($log_data as $row) { $template->assign_block_vars('log', array( - 'USERNAME' => $row['username'], + 'USERNAME' => $row['username_full'], 'IP' => $row['ip'], 'DATE' => $user->format_date($row['time']), 'ACTION' => $row['action']) diff --git a/phpBB/includes/acp/acp_modules.php b/phpBB/includes/acp/acp_modules.php index 1323c7aee4..c426e4607d 100644 --- a/phpBB/includes/acp/acp_modules.php +++ b/phpBB/includes/acp/acp_modules.php @@ -265,7 +265,7 @@ class acp_modules // Category/not category? $is_cat = (!$module_data['module_basename']) ? true : false; - // Get module informations + // Get module information $module_infos = $this->get_module_infos(); // Build name options @@ -488,7 +488,7 @@ class acp_modules } /** - * Get available module informations from module files + * Get available module information from module files */ function get_module_infos($module = '', $module_class = false) { @@ -580,14 +580,10 @@ class acp_modules $right = $row['right_id']; - /** - * @todo think about using module class here - */ if (!$ignore_acl && $row['module_auth']) { - $is_auth = false; - eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z_]+)(,\$id)?#', '#\$id#', '#aclf_([a-z_]+)#', '#cfg_([a-z_]+)#'), array('(int) $auth->acl_get("\\1"\\2)', 'true', '(int) $auth->acl_getf_global("\\1")', '(int) $config["\\1"]'), $row['module_auth']) . ');'); - if (!$is_auth) + // We use zero as the forum id to check - global setting. + if (!p_master::module_auth($row['module_auth'], 0)) { continue; } diff --git a/phpBB/includes/acp/acp_profile.php b/phpBB/includes/acp/acp_profile.php index 9ce7f3ed92..8bfe2b8b36 100644 --- a/phpBB/includes/acp/acp_profile.php +++ b/phpBB/includes/acp/acp_profile.php @@ -936,7 +936,7 @@ class acp_profile $field_id = request_var('field_id', 0); - // Collect all informations, if something is going wrong, abort the operation + // Collect all information, if something is going wrong, abort the operation $profile_sql = $profile_lang = $empty_lang = $profile_lang_fields = array(); $default_lang_id = $lang_defs['iso'][$config['default_lang']]; diff --git a/phpBB/includes/acp/acp_search.php b/phpBB/includes/acp/acp_search.php index 6b1eefe8e6..f858da6a16 100644 --- a/phpBB/includes/acp/acp_search.php +++ b/phpBB/includes/acp/acp_search.php @@ -457,7 +457,7 @@ class acp_search /** * @todo remove Javascript */ - return '<script language="javascript" type="text/javascript"> + return '<script type="text/javascript"> <!-- close_waitscreen = 1; //--> diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index 4377dd7e20..c4c1c85793 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -978,7 +978,7 @@ pagination_sep = \'{PAGINATION_SEP}\' foreach ($classes as $class) { $selected = ($class == $edit_class) ? ' selected="selected"' : ''; - $s_classes .= '<option value="' . $class . '"' . $selected . '>' . $class . '</option>'; + $s_classes .= '<option value="' . $class . '" title="' . $class . '"' . $selected . '>' . truncate_string($class, 40, false, '...') . '</option>'; } $template->assign_vars(array( diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 30c4e27b63..314514b8e2 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -140,7 +140,7 @@ class acp_users // Prevent normal users/admins change/view founders if they are not a founder by themselves if ($user->data['user_type'] != USER_FOUNDER && $user_row['user_type'] == USER_FOUNDER) { - trigger_error($user->lang['NOT_MANAGE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); + trigger_error($user->lang['NOT_MANAGE_FOUNDER'] . adm_back_link($this->u_action), E_USER_WARNING); } switch ($mode) @@ -620,8 +620,8 @@ class acp_users $data = array( 'username' => request_var('user', $user_row['username'], true), 'user_founder' => request_var('user_founder', ($user_row['user_type'] == USER_FOUNDER) ? 1 : 0), - 'email' => request_var('user_email', $user_row['user_email']), - 'email_confirm' => request_var('email_confirm', ''), + 'email' => strtolower(request_var('user_email', $user_row['user_email'])), + 'email_confirm' => strtolower(request_var('email_confirm', '')), 'user_password' => request_var('user_password', '', true), 'password_confirm' => request_var('password_confirm', '', true), 'warnings' => request_var('warnings', $user_row['user_warnings']), @@ -841,6 +841,31 @@ class acp_users $last_visit = (!empty($user_row['session_time'])) ? $user_row['session_time'] : $user_row['user_lastvisit']; + $inactive_reason = ''; + if ($user_row['user_type'] == USER_INACTIVE) + { + $inactive_reason = $user->lang['INACTIVE_REASON_UNKNOWN']; + + switch ($user_row['user_inactive_reason']) + { + case INACTIVE_REGISTER: + $inactive_reason = $user->lang['INACTIVE_REASON_REGISTER']; + break; + + case INACTIVE_PROFILE: + $inactive_reason = $user->lang['INACTIVE_REASON_PROFILE']; + break; + + case INACTIVE_MANUAL: + $inactive_reason = $user->lang['INACTIVE_REASON_MANUAL']; + break; + + case INACTIVE_REMIND: + $inactive_reason = $user->lang['INACTIVE_REASON_REMIND']; + break; + } + } + $template->assign_vars(array( 'L_NAME_CHARS_EXPLAIN' => sprintf($user->lang[$user_char_ary[str_replace('\\\\', '\\', $config['allow_name_chars'])] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']), 'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($user->lang[$pass_char_ary[str_replace('\\\\', '\\', $config['pass_complex'])] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']), @@ -865,6 +890,7 @@ class acp_users 'USER_EMAIL' => $user_row['user_email'], 'USER_WARNINGS' => $user_row['user_warnings'], 'USER_POSTS' => $user_row['user_posts'], + 'USER_INACTIVE_REASON' => $inactive_reason, ) ); @@ -923,7 +949,7 @@ class acp_users // Sorting $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']); - $sort_by_sql = array('u' => 'l.username', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation'); + $sort_by_sql = array('u' => 'u.username_clean', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation'); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); @@ -951,7 +977,7 @@ class acp_users foreach ($log_data as $row) { $template->assign_block_vars('log', array( - 'USERNAME' => $row['username'], + 'USERNAME' => $row['username_full'], 'IP' => $row['ip'], 'DATE' => $user->format_date($row['time']), 'ACTION' => nl2br($row['action']), @@ -983,15 +1009,13 @@ class acp_users 'yim' => request_var('yim', $user_row['user_yim']), 'jabber' => request_var('jabber', $user_row['user_jabber']), 'website' => request_var('website', $user_row['user_website']), - 'location' => request_var('location', $user_row['user_from'], true), - 'occupation' => request_var('occupation', $user_row['user_occ'], true), - 'interests' => request_var('interests', $user_row['user_interests'], true), + 'location' => utf8_normalize_nfc(request_var('location', $user_row['user_from'], true)), + 'occupation' => utf8_normalize_nfc(request_var('occupation', $user_row['user_occ'], true)), + 'interests' => utf8_normalize_nfc(request_var('interests', $user_row['user_interests'], true)), 'bday_day' => 0, 'bday_month' => 0, 'bday_year' => 0, ); - - utf8_normalize_nfc(array(&$data['location'], &$data['occupation'], &$data['interests'])); if ($user_row['user_birthday']) { @@ -1161,7 +1185,7 @@ class acp_users case 'prefs': $data = array( - 'dateformat' => request_var('dateformat', $user_row['user_dateformat']), + 'dateformat' => request_var('dateformat', $user_row['user_dateformat'], true), 'lang' => request_var('lang', $user_row['user_lang']), 'tz' => request_var('tz', (float) $user_row['user_timezone']), 'style' => request_var('style', $user_row['user_style']), @@ -1551,10 +1575,8 @@ class acp_users $enable_bbcode = ($config['allow_sig_bbcode']) ? request_var('enable_bbcode', $this->optionget($user_row, 'bbcode')) : false; $enable_smilies = ($config['allow_sig_smilies']) ? request_var('enable_smilies', $this->optionget($user_row, 'smilies')) : false; $enable_urls = request_var('enable_urls', true); - $signature = request_var('signature', $user_row['user_sig'], true); - - utf8_normalize_nfc(&$signature); - + $signature = utf8_normalize_nfc(request_var('signature', $user_row['user_sig'], true)); + $preview = (isset($_POST['preview'])) ? true : false; if ($submit || $preview) @@ -1821,6 +1843,19 @@ class acp_users trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } + // Check the founder only entry for this group to make sure everything is well + $sql = 'SELECT group_founder_manage + FROM ' . GROUPS_TABLE . ' + WHERE group_id = ' . $group_id; + $result = $db->sql_query($sql); + $founder_manage = (int) $db->sql_fetchfield('group_founder_manage'); + $db->sql_freeresult($result); + + if ($user->data['user_type'] != USER_FOUNDER && $founder_manage) + { + trigger_error($user->lang['NOT_ALLOWED_MANAGE_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); + } + // Add user/s to group if ($error = group_user_add($group_id, $user_id)) { @@ -1855,7 +1890,7 @@ class acp_users $db->sql_freeresult($result); // Select box for other groups - $sql = 'SELECT group_id, group_name, group_type + $sql = 'SELECT group_id, group_name, group_type, group_founder_manage FROM ' . GROUPS_TABLE . ' ' . ((sizeof($id_ary)) ? 'WHERE ' . $db->sql_in_set('group_id', $id_ary, true) : '') . ' ORDER BY group_type DESC, group_name ASC'; @@ -1869,6 +1904,12 @@ class acp_users continue; } + // Do not display those groups not allowed to be managed + if ($user->data['user_type'] != USER_FOUNDER && $row['group_founder_manage']) + { + continue; + } + $s_group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>'; } $db->sql_freeresult($result); @@ -1925,7 +1966,7 @@ class acp_users if ($db->sql_layer == 'mssql' || $db->sql_layer == 'mssql_odbc') { - $sql .= " ESCAPE '\\'"; + $sql .= " ESCAPE '\\' "; } $sql .= 'AND is_global = 1 @@ -1945,7 +1986,7 @@ class acp_users if ($db->sql_layer == 'mssql' || $db->sql_layer == 'mssql_odbc') { - $sql .= " ESCAPE '\\'"; + $sql .= " ESCAPE '\\' "; } $sql .= 'AND is_local = 1 diff --git a/phpBB/includes/acp/acp_words.php b/phpBB/includes/acp/acp_words.php index 8fe99b8c80..e087c4f8af 100644 --- a/phpBB/includes/acp/acp_words.php +++ b/phpBB/includes/acp/acp_words.php @@ -68,12 +68,10 @@ class acp_words break; case 'save': - $word_id = request_var('id', 0); - $word = request_var('word', '', true); - $replacement = request_var('replacement', '', true); + $word_id = request_var('id', 0); + $word = utf8_normalize_nfc(request_var('word', '', true)); + $replacement = utf8_normalize_nfc(request_var('replacement', '', true)); - utf8_normalize_nfc(array(&$word, &$replacement)); - if (!$word || !$replacement) { trigger_error($user->lang['ENTER_WORD'] . adm_back_link($this->u_action), E_USER_WARNING); diff --git a/phpBB/includes/acp/auth.php b/phpBB/includes/acp/auth.php index 436e3f017b..35b0cd29e2 100644 --- a/phpBB/includes/acp/auth.php +++ b/phpBB/includes/acp/auth.php @@ -293,7 +293,7 @@ class auth_admin extends auth $sql = 'SELECT user_id as ug_id, username as ug_name FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', array_keys($hold_ary)) . ' - ORDER BY username ASC'; + ORDER BY username_clean ASC'; } else { @@ -606,7 +606,7 @@ class auth_admin extends auth $sql = 'SELECT user_id, username FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $auth_ary['users']) . ' - ORDER BY username'; + ORDER BY username_clean ASC'; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -1068,6 +1068,7 @@ class auth_admin extends auth 'S_FIELD_NAME' => 'setting[' . $ug_id . '][' . $forum_id . '][' . $permission . ']', 'U_TRACE' => ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission") : '', + 'UA_TRACE' => ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission", false) : '', 'PERMISSION' => $user->lang['acl_' . $permission]['lang']) ); diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php index 8ee4a23abb..c174fc6769 100644 --- a/phpBB/includes/auth.php +++ b/phpBB/includes/auth.php @@ -478,11 +478,11 @@ class auth $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : ''; $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : ''; - $sql_opts = $sql_escape = ''; + $sql_opts = ''; if ($opts !== false) { - $this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts, $sql_escape); + $this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts); } $hold_ary = array(); @@ -512,7 +512,7 @@ class auth 'ORDER_BY' => 'a.forum_id, ao.auth_option' )); - $result = $db->sql_query($sql . $sql_escape); + $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { @@ -588,11 +588,11 @@ class auth $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : ''; $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : ''; - $sql_opts = $sql_escape = ''; + $sql_opts = ''; if ($opts !== false) { - $this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts, $sql_escape); + $this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts); } $hold_ary = array(); @@ -620,7 +620,7 @@ class auth 'ORDER_BY' => 'a.forum_id, ao.auth_option' )); - $result = $db->sql_query($sql . $sql_escape); + $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { @@ -642,11 +642,11 @@ class auth $sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? "group_id = $group_id" : $db->sql_in_set('group_id', $group_id)) : ''; $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : ''; - $sql_opts = $sql_escape = ''; + $sql_opts = ''; if ($opts !== false) { - $this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts, $sql_escape); + $this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts); } $hold_ary = array(); @@ -674,7 +674,7 @@ class auth 'ORDER_BY' => 'a.forum_id, ao.auth_option' )); - $result = $db->sql_query($sql . $sql_escape); + $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { @@ -791,7 +791,7 @@ class auth /** * Fill auth_option statement for later querying based on the supplied options */ - function build_auth_option_statement($key, $auth_options, &$sql_opts, &$sql_escape) + function build_auth_option_statement($key, $auth_options, &$sql_opts) { global $db; @@ -802,7 +802,7 @@ class auth if (strpos($auth_options, '_') !== false) { $sql_opts = "AND $key LIKE '" . $db->sql_escape(str_replace('_', "\_", $auth_options)) . "'"; - $sql_escape = ($db->sql_layer == 'mssql' || $db->sql_layer == 'mssql_odbc') ? " ESCAPE '\\'" : ''; + $sql_opts .= ($db->sql_layer == 'mssql' || $db->sql_layer == 'mssql_odbc') ? " ESCAPE '\\' " : ''; } else { @@ -816,7 +816,7 @@ class auth } else { - $is_like_expression = $is_underline = false; + $is_like_expression = false; foreach ($auth_options as $option) { @@ -824,11 +824,6 @@ class auth { $is_like_expression = true; } - - if (strpos($option, '_') !== false) - { - $is_underline = true; - } } if (!$is_like_expression) @@ -841,15 +836,26 @@ class auth foreach ($auth_options as $option) { - $sql[] = $key . " LIKE '" . $db->sql_escape(str_replace('_', "\_", $option)) . "'"; + if (strpos($option, '%') !== false) + { + if (strpos($option, '_') !== false) + { + $_sql = $key . " LIKE '" . $db->sql_escape(str_replace('_', "\_", $option)) . "'"; + $_sql .= ($db->sql_layer == 'mssql' || $db->sql_layer == 'mssql_odbc') ? " ESCAPE '\\'" : ''; + $sql[] = $_sql; + } + else + { + $sql[] = $key . " LIKE '" . $db->sql_escape($option) . "'"; + } + } + else + { + $sql[] = $key . " = '" . $db->sql_escape($option) . "'"; + } } $sql_opts = 'AND (' . implode(' OR ', $sql) . ')'; - - if ($is_underline) - { - $sql_escape = ($db->sql_layer == 'mssql' || $db->sql_layer == 'mssql_odbc') ? " ESCAPE '\\'" : ''; - } } } } diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php index 618ad0a387..3be896cfd6 100644 --- a/phpBB/includes/auth/auth_db.php +++ b/phpBB/includes/auth/auth_db.php @@ -20,7 +20,7 @@ function login_db(&$username, &$password) { global $db, $config; - $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts + $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts FROM ' . USERS_TABLE . " WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; $result = $db->sql_query($sql); @@ -95,8 +95,32 @@ function login_db(&$username, &$password) } } - // Password correct... - if (md5($password) == $row['user_password']) + // If the password convert flag is set we need to convert it + if ($row['user_pass_convert']) + { + // in phpBB2 passwords were used exactly as they were sent + $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : ''; + $password_old_format = (STRIP) ? stripslashes($password_old_format) : $password_old_format; + $password_new_format = ''; + + set_var($password_new_format, $password_old_format, 'string'); + + if ($password == $password_new_format && md5($password_old_format) == $row['user_password']) + { + // Update the password in the users table to the new format and remove user_pass_convert flag + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_password = \'' . $db->sql_escape(md5($password_new_format)) . '\', + user_pass_convert = 0 + WHERE user_id = ' . $row['user_id']; + $db->sql_query($sql); + + $row['user_pass_convert'] = 0; + $row['user_password'] = md5($password_new_format); + } + } + + // Check password ... + if (!$row['user_pass_convert'] && md5($password) == $row['user_password']) { // Successful, reset login attempts (the user passed all stages) $sql = 'UPDATE ' . USERS_TABLE . ' diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php index 988da577c0..8241db1c4f 100644 --- a/phpBB/includes/auth/auth_ldap.php +++ b/phpBB/includes/auth/auth_ldap.php @@ -230,8 +230,8 @@ function acp_ldap(&$new) <dd><input type="text" id="ldap_uid" size="40" name="config[ldap_uid]" value="' . $new['ldap_uid'] . '" /></dd> </dl> <dl> - <dt><label for="ldap_uid">' . $user->lang['LDAP_EMAIL'] . ':</label><br /><span>' . $user->lang['LDAP_EMAIL_EXPLAIN'] . '</span></dt> - <dd><input type="text" id="ldap_uid" size="40" name="config[ldap_email]" value="' . $new['ldap_email'] . '" /></dd> + <dt><label for="ldap_email">' . $user->lang['LDAP_EMAIL'] . ':</label><br /><span>' . $user->lang['LDAP_EMAIL_EXPLAIN'] . '</span></dt> + <dd><input type="text" id="ldap_email" size="40" name="config[ldap_email]" value="' . $new['ldap_email'] . '" /></dd> </dl> '; diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php index 409aab18e4..9536abddd3 100644 --- a/phpBB/includes/bbcode.php +++ b/phpBB/includes/bbcode.php @@ -221,7 +221,7 @@ class bbcode { $this->bbcode_cache[$bbcode_id] = array( 'preg' => array( - '#\[img:$uid\](.*?)\[/img:$uid\]#s' => str_replace('$2', '[ img ]', $this->bbcode_tpl('url', $bbcode_id)), + '#\[img:$uid\](.*?)\[/img:$uid\]#s' => str_replace('$2', '[ img ]', $this->bbcode_tpl('url', $bbcode_id, true)), ) ); } @@ -300,7 +300,7 @@ class bbcode { $this->bbcode_cache[$bbcode_id] = array( 'preg' => array( - '#\[flash=([0-9]+),([0-9]+):$uid\](.*?)\[/flash:$uid\]#' => str_replace('$1', '$3', str_replace('$2', '[ flash ]', $this->bbcode_tpl('url', $bbcode_id))) + '#\[flash=([0-9]+),([0-9]+):$uid\](.*?)\[/flash:$uid\]#' => str_replace('$1', '$3', str_replace('$2', '[ flash ]', $this->bbcode_tpl('url', $bbcode_id, true))) ) ); } @@ -381,7 +381,7 @@ class bbcode /** * Return bbcode template */ - function bbcode_tpl($tpl_name, $bbcode_id = -1) + function bbcode_tpl($tpl_name, $bbcode_id = -1, $skip_bitfield_check = false) { if (empty($bbcode_hardtpl)) { @@ -403,7 +403,7 @@ class bbcode $template_bitfield = new bitfield($this->template_bitfield); } - if ($bbcode_id != -1 && !$template_bitfield->get($bbcode_id)) + if ($bbcode_id != -1 && !$template_bitfield->get($bbcode_id) && !$skip_bitfield_check) { return (isset($bbcode_hardtpl[$tpl_name])) ? $bbcode_hardtpl[$tpl_name] : false; } diff --git a/phpBB/includes/captcha/captcha_gd.php b/phpBB/includes/captcha/captcha_gd.php index e249a46c04..10c61836a5 100644 --- a/phpBB/includes/captcha/captcha_gd.php +++ b/phpBB/includes/captcha/captcha_gd.php @@ -16,33 +16,18 @@ */ class captcha { + var $width = 360; + var $height = 96; + function execute($code) { global $config; $stats = gd_info(); - if (substr($stats['GD Version'], 0, 7) === 'bundled') - { - $bundled = true; - } - else - { - $bundled = false; - } + $bundled = (substr($stats['GD Version'], 0, 7) === 'bundled') ? true : false; preg_match('/[\\d.]+/', $stats['GD Version'], $version); - if (version_compare($version[0], '2.0.1', '>=')) - { - $gd_version = 2; - } - else - { - $gd_version = 1; - } - - // set dimension of image - $lx = 360; - $ly = 96; + $gd_version = (version_compare($version[0], '2.0.1', '>=')) ? 2 : 1; // create the image, stay compat with older versions of GD if ($gd_version === 2) @@ -56,7 +41,7 @@ class captcha $func2 = 'imagecolorclosest'; } - $image = $func1($lx, $ly); + $image = $func1($this->width, $this->height); if ($bundled) { @@ -65,7 +50,7 @@ class captcha // set background color $back = imagecolorallocate($image, mt_rand(224, 255), mt_rand(224, 255), mt_rand(224, 255)); - imagefilledrectangle($image, 0, 0, $lx, $ly, $back); + imagefilledrectangle($image, 0, 0, $this->width, $this->height, $back); // allocates the 216 websafe color palette to the image if ($gd_version === 1) @@ -82,7 +67,6 @@ class captcha } } - // fill with noise or grid if ($config['captcha_gd_noise']) { @@ -92,7 +76,7 @@ class captcha $size = mt_rand(8, 23); $angle = mt_rand(0, 360); $x = mt_rand(0, 360); - $y = mt_rand(0, (int)($ly - ($size / 5))); + $y = mt_rand(0, (int)($this->height - ($size / 5))); $color = $func2($image, mt_rand(160, 224), mt_rand(160, 224), mt_rand(160, 224)); $text = chr(mt_rand(45, 250)); imagettftext($image, $size, $angle, $x, $y, $color, $this->get_font(), $text); @@ -101,15 +85,16 @@ class captcha else { // generate grid - for ($i = 0; $i < $lx; $i += 13) + for ($i = 0; $i < $this->width; $i += 13) { $color = $func2($image, mt_rand(160, 224), mt_rand(160, 224), mt_rand(160, 224)); - imageline($image, $i, 0, $i, $ly, $color); + imageline($image, $i, 0, $i, $this->height, $color); } - for ($i = 0; $i < $ly; $i += 11) + + for ($i = 0; $i < $this->height; $i += 11) { $color = $func2($image, mt_rand(160, 224), mt_rand(160, 224), mt_rand(160, 224)); - imageline($image, 0, $i, $lx, $i, $color); + imageline($image, 0, $i, $this->width, $i, $color); } } @@ -120,7 +105,7 @@ class captcha $text = strtoupper($code[$i]); $angle = mt_rand(-30, 30); $size = mt_rand(20, 40); - $y = mt_rand((int)($size * 1.5), (int)($ly - ($size / 7))); + $y = mt_rand((int)($size * 1.5), (int)($this->height - ($size / 7))); $color = $func2($image, mt_rand(0, 127), mt_rand(0, 127), mt_rand(0, 127)); $shadow = $func2($image, mt_rand(127, 254), mt_rand(127, 254), mt_rand(127, 254)); diff --git a/phpBB/includes/captcha/captcha_non_gd.php b/phpBB/includes/captcha/captcha_non_gd.php index e4ab36f30b..41bd22868e 100644 --- a/phpBB/includes/captcha/captcha_non_gd.php +++ b/phpBB/includes/captcha/captcha_non_gd.php @@ -17,6 +17,8 @@ class captcha { var $filtered_pngs; + var $width = 320; + var $height = 50; /** * Define filtered pngs on init @@ -32,9 +34,7 @@ class captcha */ function execute($code) { - $total_width = 320; - $total_height = 50; - $img_height = 40; + $img_height = $this->height - 10; $img_width = 0; list($usec, $sec) = explode(' ', microtime()); @@ -45,7 +45,7 @@ class captcha for ($i = 0; $i < $code_len; $i++) { - $char = $code{$i}; + $char = $code[$i]; $width = mt_rand(0, 4); $raw_width = $this->filtered_pngs[$char]['width']; @@ -59,11 +59,11 @@ class captcha } } - $offset_x = mt_rand(0, $total_width - $img_width); - $offset_y = mt_rand(0, $total_height - $img_height); + $offset_x = mt_rand(0, $this->width - $img_width); + $offset_y = mt_rand(0, $this->height - $img_height); $image = ''; - for ($i = 0; $i < $total_height; $i++) + for ($i = 0; $i < $this->height; $i++) { $image .= chr(0); @@ -79,14 +79,14 @@ class captcha $image .= $this->randomise(substr($hold_chars[$code{$j}][$i - $offset_y - 1], 1), $char_widths[$j]); } - for ($j = $offset_x + $img_width; $j < $total_width; $j++) + for ($j = $offset_x + $img_width; $j < $this->width; $j++) { $image .= chr(mt_rand(140, 255)); } } else { - for ($j = 0; $j < $total_width; $j++) + for ($j = 0; $j < $this->width; $j++) { $image .= chr(mt_rand(140, 255)); } @@ -94,7 +94,7 @@ class captcha } unset($hold_chars); - $image = $this->create_png($image, $total_width, $total_height); + $image = $this->create_png($image, $this->width, $this->height); // Output image header('Content-Type: image/png'); diff --git a/phpBB/includes/db/dbal.php b/phpBB/includes/db/dbal.php index d2d3efedaa..da5efcf55a 100644 --- a/phpBB/includes/db/dbal.php +++ b/phpBB/includes/db/dbal.php @@ -307,15 +307,15 @@ class dbal } else { - return $field . ($negate ? ' NOT IN ' : ' IN ' ) . '(' . implode(', ', array_map(array($this, '_sql_validate_value'), $array)) . ')'; + return $field . ($negate ? ' NOT IN ' : ' IN ') . '(' . implode(', ', array_map(array($this, '_sql_validate_value'), $array)) . ')'; } } /** * Run more than one insert statement. * - * @param $sql_ary array multi-dimensional array holding the statement data. - * @param $table string table name to run the statements on + * @param string $table table name to run the statements on + * @param array &$sql_ary multi-dimensional array holding the statement data. * * @return bool false if no statements were executed. * @access public @@ -332,7 +332,6 @@ class dbal case 'mysql': case 'mysql4': case 'mysqli': - case 'sqlite': $this->sql_query('INSERT INTO ' . $table . ' ' . $this->sql_build_array('MULTI_INSERT', $sql_ary)); break; diff --git a/phpBB/includes/db/mssql.php b/phpBB/includes/db/mssql.php index f95f99969c..439cb725fb 100644 --- a/phpBB/includes/db/mssql.php +++ b/phpBB/includes/db/mssql.php @@ -116,9 +116,6 @@ class dbal_mssql extends dbal $this->sql_report('start', $query); } - // For now, MSSQL has no real UTF-8 support - $query = utf8_decode($query); - $this->query_result = ($cache_ttl && method_exists($cache, 'sql_load')) ? $cache->sql_load($query) : false; $this->sql_add_num_queries($this->query_result); diff --git a/phpBB/includes/db/mssql_odbc.php b/phpBB/includes/db/mssql_odbc.php index 12e3ca686e..2cb3bf0f2d 100644 --- a/phpBB/includes/db/mssql_odbc.php +++ b/phpBB/includes/db/mssql_odbc.php @@ -114,9 +114,6 @@ class dbal_mssql_odbc extends dbal $this->sql_report('start', $query); } - // For now, MSSQL has no real UTF-8 support - $query = utf8_decode($query); - $this->last_query_text = $query; $this->query_result = ($cache_ttl && method_exists($cache, 'sql_load')) ? $cache->sql_load($query) : false; $this->sql_add_num_queries($this->query_result); diff --git a/phpBB/includes/db/oracle.php b/phpBB/includes/db/oracle.php index e8a0ce3605..8f65c667a7 100644 --- a/phpBB/includes/db/oracle.php +++ b/phpBB/includes/db/oracle.php @@ -219,52 +219,6 @@ class dbal_oracle extends dbal { $this->query_result = false; - // Any implicit columns exist? - if (strpos($query, '.*') !== false) - { - // This sucker does a few things for us. It grabs all the explicitly named columns and what tables are being used - preg_match('/SELECT (?:DISTINCT )?(.*?)FROM(.*?)(?:WHERE|(ORDER|GROUP) BY|$)/s', $query, $tables); - - // The prefixes of the explicit columns don't matter, they simply get in the way - preg_match_all('/\.(\w+)/', trim($tables[1]), $columns); - - // Flip lets us do an easy isset() call - $columns = array_flip($columns[1]); - - $table_data = trim($tables[2]); - - // Grab the implicitly named columns, they need expanding... - preg_match_all('/(\w)\.\*/', $query, $info); - - $cols = array(); - - foreach ($info[1] as $table_alias) - { - // We need to get the name of the aliased table - preg_match('/(\w+) ' . $table_alias . '/', $table_data, $table_name); - $table_name = $table_name[1]; - - $sql = "SELECT column_name - FROM all_tab_cols - WHERE table_name = '" . strtoupper($table_name) . "'"; - - $result = $this->sql_query($sql); - while ($row = $this->sql_fetchrow($result)) - { - if (!isset($columns[strtolower($row['column_name'])])) - { - $cols[] = $table_alias . '.' . strtolower($row['column_name']); - } - } - $this->sql_freeresult($result); - - // Remove the implicity .* with it's full expansion - $query = str_replace($table_alias . '.*', implode(', ', $cols), $query); - - unset($cols); - } - } - $query = 'SELECT * FROM (SELECT /*+ FIRST_ROWS */ rownum AS xrownum, a.* FROM (' . $query . ') a WHERE rownum <= ' . ($offset + $total) . ') WHERE xrownum >= ' . $offset; return $this->sql_query($query, $cache_ttl); diff --git a/phpBB/includes/diff/diff.php b/phpBB/includes/diff/diff.php index fd2d557a19..ca8d16fd3e 100644 --- a/phpBB/includes/diff/diff.php +++ b/phpBB/includes/diff/diff.php @@ -23,17 +23,12 @@ include_once($phpbb_root_path . 'includes/diff/renderer.' . $phpEx); * Code from pear.php.net, Text_Diff-0.2.1 (beta) package * http://pear.php.net/package/Text_Diff/ * -* Modified by Acyd Burn to meet our coding standards +* Modified by phpBB Group to meet our coding standards * and being able to integrate into phpBB -*/ - -/** +* * General API for generating and formatting diffs - the differences between * two sequences of strings. * -* The PHP diff code used in this package was originally written by Geoffrey -* T. Dairiki and is used with his permission. -* * @package phpBB3 * @author Geoffrey T. Dairiki <dairiki@dairiki.org> */ @@ -182,7 +177,7 @@ class diff /** * Removes trailing newlines from a line of text. This is meant to be used with array_walk(). * - * @param string $line The line to trim. + * @param string &$line The line to trim. * @param integer $key The index of the line in the array. Not used. */ function trim_newlines(&$line, $key) diff --git a/phpBB/includes/diff/engine.php b/phpBB/includes/diff/engine.php index c230d865cd..5fcb317dd5 100644 --- a/phpBB/includes/diff/engine.php +++ b/phpBB/includes/diff/engine.php @@ -19,11 +19,9 @@ if (!defined('IN_PHPBB')) * Code from pear.php.net, Text_Diff-0.2.1 (beta) package * http://pear.php.net/package/Text_Diff/ * -* Modified by Acyd Burn to meet our coding standards +* Modified by phpBB Group to meet our coding standards * and being able to integrate into phpBB -*/ - -/** +* * Class used internally by Diff to actually compute the diffs. This class is * implemented using native PHP code. * diff --git a/phpBB/includes/diff/renderer.php b/phpBB/includes/diff/renderer.php index 408addb858..984fd65708 100644 --- a/phpBB/includes/diff/renderer.php +++ b/phpBB/includes/diff/renderer.php @@ -19,11 +19,9 @@ if (!defined('IN_PHPBB')) * Code from pear.php.net, Text_Diff-0.2.1 (beta) package * http://pear.php.net/package/Text_Diff/ * -* Modified by Acyd Burn to meet our coding standards +* Modified by phpBB Group to meet our coding standards * and being able to integrate into phpBB -*/ - -/** +* * A class to render Diffs in different formats. * * This class renders the diff in classic diff format. It is intended that @@ -86,7 +84,7 @@ class diff_renderer /** * Renders a diff. * - * @param diff $diff A diff object. + * @param diff &$diff A diff object. * * @return string The formatted output. */ diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 91a818d454..9c8163bd14 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -153,7 +153,7 @@ function gen_rand_string($num_chars = 8) /** * Return unique id -* @param $extra additional entropy +* @param string $extra additional entropy */ function unique_id($extra = 'c') { @@ -237,7 +237,7 @@ function gen_sort_selects(&$limit_days, &$sort_by_text, &$sort_days, &$sort_key, */ function make_jumpbox($action, $forum_id = false, $select_all = false, $acl_list = false) { - global $config, $auth, $template, $user, $db, $phpEx; + global $config, $auth, $template, $user, $db; if (!$config['load_jumpbox']) { @@ -401,9 +401,9 @@ if (!function_exists('stripos')) * Find position of first occurrence of a case-insensitive string * * @param string $haystack is the string to search in - * @param string needle is the string to search for + * @param string $needle is the string to search for * - * @return Returns the numeric position of the first occurrence of needle in the haystack string. Unlike strpos(), stripos() is case-insensitive. + * @return mixed Returns the numeric position of the first occurrence of needle in the haystack string. Unlike strpos(), stripos() is case-insensitive. * Note that the needle may be a string of one or more characters. * If needle is not found, stripos() will return boolean FALSE. */ @@ -502,7 +502,7 @@ if (!function_exists('realpath')) else if (isset($_SERVER['SCRIPT_FILENAME']) && !empty($_SERVER['SCRIPT_FILENAME'])) { // Warning: If chdir() has been used this will lie! - // @todo This has some problems sometime (CLI can create them easily) + // Warning: This has some problems sometime (CLI can create them easily) $path = str_replace(DIRECTORY_SEPARATOR, '/', dirname($_SERVER['SCRIPT_FILENAME'])) . '/' . $path; $absolute = true; $path_prefix = ''; @@ -614,6 +614,10 @@ else if (!function_exists('htmlspecialchars_decode')) { + /** + * A wrapper for htmlspecialchars_decode + * @ignore + */ function htmlspecialchars_decode($string, $quote_style = ENT_COMPAT) { return strtr($string, array_flip(get_html_translation_table(HTML_SPECIALCHARS, $quote_style))); @@ -675,20 +679,24 @@ function style_select($default = '', $all = false) */ function tz_select($default = '', $truncate = false) { - global $sys_timezone, $user; + global $user; $tz_select = ''; foreach ($user->lang['tz_zones'] as $offset => $zone) { if ($truncate) { - $zone = (utf8_strlen($zone) > 70) ? utf8_substr($zone, 0, 70) . '...' : $zone; + $zone_trunc = truncate_string($zone, 50, false, '...'); + } + else + { + $zone_trunc = $zone; } if (is_numeric($offset)) { $selected = ($offset == $default) ? ' selected="selected"' : ''; - $tz_select .= '<option value="' . $offset . '"' . $selected . '>' . $zone . '</option>'; + $tz_select .= '<option title="'.$zone.'" value="' . $offset . '"' . $selected . '>' . $zone_trunc . '</option>'; } } @@ -1861,7 +1869,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa } } - // The result parameter is always an array, holding the relevant informations... + // The result parameter is always an array, holding the relevant information... if ($result['status'] == LOGIN_SUCCESS) { $redirect = request_var('redirect', "{$phpbb_root_path}index.$phpEx"); @@ -2093,7 +2101,7 @@ function bump_topic_allowed($forum_id, $topic_bumped, $last_post_time, $topic_po function get_context($text, $words, $length = 400) { // first replace all whitespaces with single spaces - $text = preg_replace('/\s+/', ' ', $text); + $text = preg_replace('/\s+/u', ' ', $text); $word_indizes = array(); if (sizeof($words)) @@ -2358,19 +2366,19 @@ function make_clickable($text, $server_url = false) // Be sure to not let the matches cross over. ;) // relative urls for this board - $magic_url_match[] = '#(^|[\n ]|\()(' . preg_quote($server_url, '#') . ')/(([^[ \t\n\r<"\'\)&]+|&(?!lt;|quot;))*)#ie'; + $magic_url_match[] = '#(^|[\n\t (])(' . preg_quote($server_url, '#') . ')/(([^[ \t\n\r<"\'\)&]+|&(?!lt;|quot;))*)#ie'; $magic_url_replace[] = "'\$1<!-- l --><a href=\"\$2/' . preg_replace('/(&|\?)sid=[0-9a-f]{32}/', '\\1', '\$3') . '\">' . preg_replace('/(&|\?)sid=[0-9a-f]{32}/', '\\1', '\$3') . '</a><!-- l -->'"; // matches a xxxx://aaaaa.bbb.cccc. ... - $magic_url_match[] = '#(^|[\n ]|\()([\w]+:/{2}.*?([^[ \t\n\r<"\'\)&]+|&(?!lt;|quot;))*)#ie'; + $magic_url_match[] = '#(^|[\n\t (])([\w]+:/{2}.*?([^[ \t\n\r<"\'\)&]+|&(?!lt;|quot;))*)#ie'; $magic_url_replace[] = "'\$1<!-- m --><a href=\"\$2\">' . ((strlen('\$2') > 55) ? substr(str_replace('&', '&', '\$2'), 0, 39) . ' ... ' . substr(str_replace('&', '&', '\$2'), -10) : '\$2') . '</a><!-- m -->'"; // matches a "www.xxxx.yyyy[/zzzz]" kinda lazy URL thing - $magic_url_match[] = '#(^|[\n ]|\()(w{3}\.[\w\-]+\.[\w\-.\~]+(?:[^[ \t\n\r<"\'\)&]+|&(?!lt;|quot;))*)#ie'; + $magic_url_match[] = '#(^|[\n\t (])(w{3}\.[\w\-]+\.[\w\-.\~]+(?:[^[ \t\n\r<"\'\)&]+|&(?!lt;|quot;))*)#ie'; $magic_url_replace[] = "'\$1<!-- w --><a href=\"http://\$2\">' . ((strlen('\$2') > 55) ? substr(str_replace('&', '&', '\$2'), 0, 39) . ' ... ' . substr(str_replace('&', '&', '\$2'), -10) : '\$2') . '</a><!-- w -->'"; // matches an email@domain type address at the start of a line, or after a space or after what might be a BBCode. - $magic_url_match[] = '/(^|[\n ]|\()(' . get_preg_expression('email') . ')/ie'; + $magic_url_match[] = '/(^|[\n\t )])(' . get_preg_expression('email') . ')/ie'; $magic_url_replace[] = "'\$1<!-- e --><a href=\"mailto:\$2\">' . ((strlen('\$2') > 55) ? substr('\$2', 0, 39) . ' ... ' . substr('\$2', -10) : '\$2') . '</a><!-- e -->'"; } @@ -2493,14 +2501,14 @@ function extension_allowed($forum_id, $extension, &$extensions) /** * Little helper for the build_hidden_fields function */ -function _build_hidden_fields($key, $value, $specialchar) +function _build_hidden_fields($key, $value, $specialchar, $stripslashes) { $hidden_fields = ''; if (!is_array($value)) { - $key = ($specialchar) ? htmlspecialchars($key) : $key; - $value = ($specialchar) ? htmlspecialchars($value) : $value; + $value = ($stripslashes) ? stripslashes($value) : $value; + $value = ($specialchar) ? htmlspecialchars($value, ENT_COMPAT, 'UTF-8') : $value; $hidden_fields .= '<input type="hidden" name="' . $key . '" value="' . $value . '" />' . "\n"; } @@ -2508,7 +2516,10 @@ function _build_hidden_fields($key, $value, $specialchar) { foreach ($value as $_key => $_value) { - $hidden_fields .= _build_hidden_fields($key . '[' . $_key . ']', $_value, $specialchar); + $_key = ($stripslashes) ? stripslashes($_key) : $_key; + $_key = ($specialchar) ? htmlspecialchars($_key, ENT_COMPAT, 'UTF-8') : $_key; + + $hidden_fields .= _build_hidden_fields($key . '[' . $_key . ']', $_value, $specialchar, $stripslashes); } } @@ -2517,14 +2528,23 @@ function _build_hidden_fields($key, $value, $specialchar) /** * Build simple hidden fields from array +* +* @param array $field_ary an array of values to build the hidden field from +* @param bool $specialchar if true, keys and values get specialchared +* @param bool $stripslashes if true, keys and values get stripslashed +* +* @return string the hidden fields */ -function build_hidden_fields($field_ary, $specialchar = false) +function build_hidden_fields($field_ary, $specialchar = false, $stripslashes = false) { $s_hidden_fields = ''; foreach ($field_ary as $name => $vars) { - $s_hidden_fields .= _build_hidden_fields($name, $vars, $specialchar); + $name = ($stripslashes) ? stripslashes($name) : $name; + $name = ($specialchar) ? htmlspecialchars($name, ENT_COMPAT, 'UTF-8') : $name; + + $s_hidden_fields .= _build_hidden_fields($name, $vars, $specialchar, $stripslashes); } return $s_hidden_fields; @@ -2660,7 +2680,7 @@ function get_backtrace() $trace['file'] = substr($trace['file'], 1); $args = array(); - // If include/require/include_once is not called, do not show arguments - they may contain sensible informations + // If include/require/include_once is not called, do not show arguments - they may contain sensible information if (!in_array($trace['function'], array('include', 'require', 'include_once'))) { unset($trace['args']); @@ -2721,11 +2741,12 @@ function get_preg_expression($mode) * Truncates string while retaining special characters if going over the max length * The default max length is 60 at the moment */ -function truncate_string($string, $max_length = 60, $allow_reply = true) +function truncate_string($string, $max_length = 60, $allow_reply = true, $append = '') { $chars = array(); $strip_reply = false; + $stripped = false; if ($allow_reply && strpos($string, 'Re: ') === 0) { $strip_reply = true; @@ -2740,16 +2761,100 @@ function truncate_string($string, $max_length = 60, $allow_reply = true) { // Cut off the last elements from the array $string = implode('', array_slice($chars, 0, $max_length)); + $stripped = true; } if ($strip_reply) { $string = 'Re: ' . $string; } + + if ($append != '' && $stripped) + { + $string = $string . $append; + } return $string; } +/** +* Get username details for placing into templates. +* +* @param string $mode Can be profile (for getting an url to the profile), username (for obtaining the username), colour (for obtaining the user colour) or full (for obtaining a html string representing a coloured link to the users profile). +* @param int $user_id The users id +* @param string $username The users name +* @param string $username_colour The users colour +* @param string $guest_username optional parameter to specify the guest username. It will be used in favor of the GUEST language variable then. +* @param string $custom_profile_url optional parameter to specify a profile url. The user id get appended to this url as &u={user_id} +* +* @return string A string consisting of what is wanted based on $mode. +*/ +function get_username_string($mode, $user_id, $username, $username_colour = '', $guest_username = false, $custom_profile_url = false) +{ + global $phpbb_root_path, $phpEx, $user; + + $full_string = $profile_url = ''; + $username_colour = ($username_colour) ? '#' . $username_colour : ''; + + if ($guest_username === false) + { + $username = ($username) ? $username : $user->lang['GUEST']; + } + else + { + $username = ($user_id && $user_id != ANONYMOUS) ? $username : ((!empty($guest_username)) ? $guest_username : $user->lang['GUEST']); + } + + // Only show the link if not anonymous + if ($user_id && $user_id != ANONYMOUS) + { + $profile_url = ($custom_profile_url !== false) ? $custom_profile_url : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile'); + $profile_url .= '&u=' . (int) $user_id; + } + else + { + $profile_url = ''; + } + + switch ($mode) + { + case 'profile': + return $profile_url; + break; + + case 'username': + return $username; + break; + + case 'colour': + return $username_colour; + break; + + case 'full': + default: + + $tpl = ''; + if (!$profile_url && !$username_colour) + { + $tpl = '{USERNAME}'; + } + else if (!$profile_url && $username_colour) + { + $tpl = '<span style="color: {USERNAME_COLOUR}; font-weight: bold;">{USERNAME}</span>'; + } + else if ($profile_url && !$username_colour) + { + $tpl = '<a href="{PROFILE_URL}">{USERNAME}</a>'; + } + else if ($profile_url && $username_colour) + { + $tpl = '<a href="{PROFILE_URL}" style="color: {USERNAME_COLOUR}; font-weight: bold;">{USERNAME}</a>'; + } + + return str_replace(array('{PROFILE_URL}', '{USERNAME_COLOUR}', '{USERNAME}'), array($profile_url, $username_colour, $username), $tpl); + break; + } +} /** * Wrapper for php's checkdnsrr function. @@ -2773,6 +2878,12 @@ function phpbb_checkdnsrr($host, $type = '') @exec('nslookup -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host), $output); + // If output is empty, the nslookup failed + if (empty($output)) + { + return NULL; + } + foreach ($output as $line) { if (!trim($line)) @@ -2820,27 +2931,21 @@ function msg_handler($errno, $msg_text, $errfile, $errline) // Check the error reporting level and return if the error level does not match // Additionally do not display notices if we suppress them via @ - // If DEBUG_EXTRA is defined the default level is E_ALL - if (($errno & ((defined('DEBUG_EXTRA') && error_reporting()) ? E_ALL : error_reporting())) == 0) + // If DEBUG is defined the default level is E_ALL + if (($errno & ((defined('DEBUG') && error_reporting()) ? E_ALL : error_reporting())) == 0) { return; } - /** - * @todo Think about removing the if-condition within the final product, since we no longer enable DEBUG by default and we will maybe adjust the error reporting level - */ - if (defined('DEBUG')) + if (strpos($errfile, 'cache') === false && strpos($errfile, 'template.') === false) { - if (strpos($errfile, 'cache') === false && strpos($errfile, 'template.') === false) - { - // remove complete path to installation, with the risk of changing backslashes meant to be there - $errfile = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $errfile); - $msg_text = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $msg_text); + // remove complete path to installation, with the risk of changing backslashes meant to be there + $errfile = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $errfile); + $msg_text = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $msg_text); - echo '<b>[phpBB Debug] PHP Notice</b>: in file <b>' . $errfile . '</b> on line <b>' . $errline . '</b>: <b>' . $msg_text . '</b><br />' . "\n"; - } + echo '<b>[phpBB Debug] PHP Notice</b>: in file <b>' . $errfile . '</b> on line <b>' . $errline . '</b>: <b>' . $msg_text . '</b><br />' . "\n"; } - + break; case E_USER_ERROR: @@ -3004,7 +3109,7 @@ function page_header($page_title = '', $display_online_list = true) // Specify escape character for MSSQL if ($db->sql_layer == 'mssql' || $db->sql_layer == 'mssql_odbc') { - $reading_sql .= " ESCAPE '\\'"; + $reading_sql .= " ESCAPE '\\' "; } } @@ -3041,7 +3146,7 @@ function page_header($page_title = '', $display_online_list = true) $reading_sql . ((!$config['load_online_guests']) ? ' AND s.session_user_id <> ' . ANONYMOUS : '') . ' AND u.user_id = s.session_user_id - ORDER BY u.username ASC, s.session_ip ASC'; + ORDER BY u.username_clean ASC, s.session_ip ASC'; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -3344,7 +3449,8 @@ function page_footer($run_cron = true) } $template->assign_vars(array( - 'DEBUG_OUTPUT' => (defined('DEBUG')) ? $debug_output : '', + 'DEBUG_OUTPUT' => (defined('DEBUG')) ? $debug_output : '', + 'TRANSLATION_INFO' => (!empty($user->lang['TRANSLATION_INFO'])) ? $user->lang['TRANSLATION_INFO'] : '', 'U_ACP' => ($auth->acl_get('a_') && $user->data['is_registered']) ? append_sid("{$phpbb_root_path}adm/index.$phpEx", '', true, $user->session_id) : '') ); @@ -3385,7 +3491,7 @@ function page_footer($run_cron = true) if ($cron_type) { - $template->assign_var('RUN_CRON_TASK', '<img src="' . $phpbb_root_path . 'cron.' . $phpEx . '?cron_type=' . $cron_type . '" width="1" height="1" alt="cron" />'); + $template->assign_var('RUN_CRON_TASK', '<img src="' . append_sid($phpbb_root_path . 'cron.' . $phpEx, 'cron_type=' . $cron_type) . '" width="1" height="1" alt="cron" />'); } } diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index c85802dafb..c00a2cd3d9 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -160,7 +160,7 @@ function make_forum_select($select_id = false, $ignore_id = false, $ignore_acl = if ($return_array) { - // Include some more informations... + // Include some more information... $selected = (is_array($select_id)) ? ((in_array($row['forum_id'], $select_id)) ? true : false) : (($row['forum_id'] == $select_id) ? true : false); $forum_list[$row['forum_id']] = array_merge(array('padding' => $padding, 'selected' => $selected), $row); } @@ -471,7 +471,7 @@ function move_posts($post_ids, $topic_id, $auto_sync = true) sync('forum', 'forum_id', $forum_ids, true); } - // Update posted informations + // Update posted information update_posted_info($topic_ids); } @@ -482,6 +482,7 @@ function delete_topics($where_type, $where_ids, $auto_sync = true) { global $db, $config; + $approved_topics = 0; $forum_ids = $topic_ids = array(); if (is_array($where_ids)) @@ -502,7 +503,7 @@ function delete_topics($where_type, $where_ids, $auto_sync = true) 'posts' => delete_posts($where_type, $where_ids, false, true) ); - $sql = 'SELECT topic_id, forum_id + $sql = 'SELECT topic_id, forum_id, topic_approved FROM ' . TOPICS_TABLE . ' WHERE ' . $db->sql_in_set($where_type, $where_ids); $result = $db->sql_query($sql); @@ -511,6 +512,11 @@ function delete_topics($where_type, $where_ids, $auto_sync = true) { $forum_ids[] = $row['forum_id']; $topic_ids[] = $row['topic_id']; + + if ($row['topic_approved']) + { + $approved_topics++; + } } $db->sql_freeresult($result); @@ -545,7 +551,10 @@ function delete_topics($where_type, $where_ids, $auto_sync = true) sync('topic_reported', $where_type, $where_ids); } - set_config('num_topics', $config['num_topics'] - sizeof($return['topics']), true); + if ($approved_topics) + { + set_config('num_topics', $config['num_topics'] - $approved_topics, true); + } return $return; } @@ -571,9 +580,10 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync = return false; } + $approved_posts = 0; $post_ids = $topic_ids = $forum_ids = $post_counts = array(); - $sql = 'SELECT post_id, poster_id, post_postcount, topic_id, forum_id + $sql = 'SELECT post_id, poster_id, post_approved, post_postcount, topic_id, forum_id FROM ' . POSTS_TABLE . ' WHERE ' . $db->sql_in_set($where_type, array_map('intval', $where_ids)); $result = $db->sql_query($sql); @@ -589,6 +599,11 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync = { $post_counts[$row['poster_id']] = (!empty($post_counts[$row['poster_id']])) ? $post_counts[$row['poster_id']] + 1 : 1; } + + if ($row['post_approved']) + { + $approved_posts++; + } } $db->sql_freeresult($result); @@ -658,7 +673,10 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync = sync('forum', 'forum_id', $forum_ids, true); } - set_config('num_posts', $config['num_posts'] - sizeof($post_ids), true); + if ($approved_posts) + { + set_config('num_posts', $config['num_posts'] - $approved_posts, true); + } return sizeof($post_ids); } @@ -924,7 +942,7 @@ function delete_topic_shadows($max_age, $forum_id = '', $auto_sync = true) } /** -* Update/Sync posted informations for topics +* Update/Sync posted information for topics */ function update_posted_info(&$topic_ids) { @@ -1928,8 +1946,6 @@ function split_sql_file($sql, $delimiter) /** * Cache moderators, called whenever permissions are changed via admin_permissions. Changes of username * and group names must be carried through for the moderators table -* -* @todo let the admin define if he wants to display moderators (forum-based) - display_on_index already present and checked for... */ function cache_moderators() { @@ -2128,7 +2144,7 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id case 'user': $log_type = LOG_USERS; - $sql_forum = 'AND l.reportee_id = ' . intval($user_id); + $sql_forum = 'AND l.reportee_id = ' . (int) $user_id; break; case 'users': @@ -2145,7 +2161,7 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id return; } - $sql = "SELECT l.*, u.username + $sql = "SELECT l.*, u.username, u.user_colour FROM " . LOG_TABLE . " l, " . USERS_TABLE . " u WHERE l.log_type = $log_type AND u.user_id = l.user_id @@ -2170,10 +2186,15 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id $log[$i] = array( 'id' => $row['log_id'], - 'reportee_id' => $row['reportee_id'], - 'reportee_username' => '', + + 'reportee_id' => $row['reportee_id'], + 'reportee_username' => '', + 'reportee_username_full'=> '', + 'user_id' => $row['user_id'], - 'username' => '<a href="' . $profile_url . '&u=' . $row['user_id'] . '">' . $row['username'] . '</a>', + 'username' => $row['username'], + 'username_full' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour'], false, $profile_url), + 'ip' => $row['log_ip'], 'time' => $row['log_time'], 'forum_id' => $row['forum_id'], @@ -2256,21 +2277,31 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id } } - if ($reportee_id_list) + if (sizeof($reportee_id_list)) { $reportee_id_list = array_unique($reportee_id_list); $reportee_names_list = array(); - if (!function_exists('user_get_id_name')) + $sql = 'SELECT user_id, username, user_colour + FROM ' . USERS_TABLE . ' + WHERE ' . $db->sql_in_set('user_id', $reportee_id_list); + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) { - include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx); + $reportee_names_list[$row['user_id']] = $row; } - - user_get_id_name($reportee_id_list, $reportee_names_list); + $db->sql_freeresult($result); foreach ($log as $key => $row) { - $log[$key]['reportee_username'] = (isset($reportee_names_list[$row['reportee_id']])) ? '<a href="' . $profile_url . '&u=' . $row['reportee_id'] . '">' . $reportee_names_list[$row['reportee_id']] . '</a>' : false; + if (!isset($reportee_names_list[$row['reportee_id']])) + { + continue; + } + + $log[$key]['reportee_username'] = $reportee_names_list[$row['reportee_id']]['username']; + $log[$key]['reportee_username_full'] = get_username_string('full', $row['reportee_id'], $reportee_names_list[$row['reportee_id']]['username'], $reportee_names_list[$row['reportee_id']]['user_colour'], false, $profile_url); } } @@ -2369,7 +2400,7 @@ function view_warned_users(&$users, &$user_count, $limit = 0, $offset = 0, $limi { global $db; - $sql = 'SELECT user_id, username, user_warnings, user_last_warning + $sql = 'SELECT user_id, username, user_colour, user_warnings, user_last_warning FROM ' . USERS_TABLE . ' WHERE user_warnings > 0 ' . (($limit_days) ? "AND user_last_warning >= $limit_days" : '') . " diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index cb8f963528..663b6bfe19 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -309,16 +309,11 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod { $last_post_subject = $row['forum_last_post_subject']; $last_post_time = $user->format_date($row['forum_last_post_time']); - - $last_poster = ($row['forum_last_poster_name'] != '') ? $row['forum_last_poster_name'] : $user->lang['GUEST']; - $last_poster_colour = ($row['forum_last_poster_colour']) ? '#' . $row['forum_last_poster_colour'] : ''; - $last_poster_url = ($row['forum_last_poster_id'] == ANONYMOUS) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['forum_last_poster_id']); - $last_post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id_last_post'] . '&p=' . $row['forum_last_post_id']) . '#p' . $row['forum_last_post_id']; } else { - $last_post_subject = $last_post_time = $last_poster = $last_poster_colour = $last_poster_url = $last_post_url = ''; + $last_post_subject = $last_post_time = $last_post_url = ''; } // Output moderator listing ... if applicable @@ -350,8 +345,9 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod 'SUBFORUMS' => $subforums_list, 'LAST_POST_SUBJECT' => censor_text($last_post_subject), 'LAST_POST_TIME' => $last_post_time, - 'LAST_POSTER' => $last_poster, - 'LAST_POSTER_COLOUR' => $last_poster_colour, + 'LAST_POSTER' => get_username_string('username', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']), + 'LAST_POSTER_COLOUR' => get_username_string('colour', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']), + 'LAST_POSTER_FULL' => get_username_string('full', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']), 'MODERATORS' => $moderators_list, 'L_SUBFORUM_STR' => $l_subforums, @@ -359,7 +355,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod 'L_MODERATOR_STR' => $l_moderator, 'U_VIEWFORUM' => ($row['forum_type'] != FORUM_LINK || ($row['forum_flags'] & FORUM_FLAG_LINK_TRACK)) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : $row['forum_link'], - 'U_LAST_POSTER' => $last_poster_url, + 'U_LAST_POSTER' => get_username_string('profile', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']), 'U_LAST_POST' => $last_post_url) ); } @@ -587,6 +583,10 @@ function get_moderators(&$forum_moderators, $forum_id = false) /** * User authorisation levels output +* +* @param string $mode Can be forum or topic. Not in use at the moment. +* @param int $forum_id The current forum the user is in. +* @param int $forum_status The forums status bit. */ function gen_forum_auth_level($mode, $forum_id, $forum_status) { @@ -597,8 +597,8 @@ function gen_forum_auth_level($mode, $forum_id, $forum_status) $rules = array( ($auth->acl_get('f_post', $forum_id) && !$locked) ? $user->lang['RULES_POST_CAN'] : $user->lang['RULES_POST_CANNOT'], ($auth->acl_get('f_reply', $forum_id) && !$locked) ? $user->lang['RULES_REPLY_CAN'] : $user->lang['RULES_REPLY_CANNOT'], - ($auth->acl_gets('f_edit', 'm_edit', $forum_id) && !$locked) ? $user->lang['RULES_EDIT_CAN'] : $user->lang['RULES_EDIT_CANNOT'], - ($auth->acl_gets('f_delete', 'm_delete', $forum_id) && !$locked) ? $user->lang['RULES_DELETE_CAN'] : $user->lang['RULES_DELETE_CANNOT'], + ($user->data['is_registered'] && $auth->acl_gets('f_edit', 'm_edit', $forum_id) && !$locked) ? $user->lang['RULES_EDIT_CAN'] : $user->lang['RULES_EDIT_CANNOT'], + ($user->data['is_registered'] && $auth->acl_gets('f_delete', 'm_delete', $forum_id) && !$locked) ? $user->lang['RULES_DELETE_CAN'] : $user->lang['RULES_DELETE_CANNOT'], ); if ($config['allow_attachments']) @@ -712,7 +712,7 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_ $extensions = $cache->obtain_attach_extensions(); } - // Look for missing attachment informations... + // Look for missing attachment information... $attach_ids = array(); foreach ($attachment_data as $pos => $attachment) { @@ -744,7 +744,17 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_ $attachment_data[$attach_ids[$row['attach_id']]] = $row; } $db->sql_freeresult($result); + } + // Sort correctly (please note that the attachment_data array itself get changed by this + if ($config['display_order']) + { + // Ascending sort + krsort($attachment_data); + } + else + { + // Descending sort ksort($attachment_data); } @@ -959,12 +969,10 @@ function display_custom_bbcodes() // Start counting from 22 for the bbcode ids (every bbcode takes two ids - opening/closing) $num_predefined_bbcodes = 22; - /* - * @todo while adjusting custom bbcodes, think about caching this query as well as correct ordering - */ $sql = 'SELECT bbcode_id, bbcode_tag, bbcode_helpline FROM ' . BBCODES_TABLE . ' - WHERE display_on_posting = 1'; + WHERE display_on_posting = 1 + ORDER BY bbcode_tag'; $result = $db->sql_query($sql); $i = 0; @@ -974,7 +982,7 @@ function display_custom_bbcodes() 'BBCODE_NAME' => "'[{$row['bbcode_tag']}]', '[/" . str_replace('=', '', $row['bbcode_tag']) . "]'", 'BBCODE_ID' => $num_predefined_bbcodes + ($i * 2), 'BBCODE_TAG' => $row['bbcode_tag'], - 'BBCODE_HELPLINE' => str_replace(array('&', '"', ''', '<', '>'), array('\&', '\"', '\\\'', '<', '>'), $row['bbcode_helpline'])) + 'BBCODE_HELPLINE' => str_replace(array('&', '"', "'", '<', '>'), array('\&', '\"', '\\\'', '<', '>'), $row['bbcode_helpline'])) ); $i++; @@ -1051,7 +1059,7 @@ function display_user_activity(&$userdata) $forum_sql GROUP BY forum_id ORDER BY num_posts DESC"; - $result = $db->sql_query_limit($sql, 1, 0, 3600); + $result = $db->sql_query_limit($sql, 1); $active_f_row = $db->sql_fetchrow($result); $db->sql_freeresult($result); @@ -1073,7 +1081,7 @@ function display_user_activity(&$userdata) $forum_sql GROUP BY topic_id ORDER BY num_posts DESC"; - $result = $db->sql_query_limit($sql, 1, 0, 3600); + $result = $db->sql_query_limit($sql, 1); $active_t_row = $db->sql_fetchrow($result); $db->sql_freeresult($result); diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php index 75eda9b10c..4625ba47d0 100644 --- a/phpBB/includes/functions_messenger.php +++ b/phpBB/includes/functions_messenger.php @@ -962,7 +962,7 @@ class smtp_class function smtp_class() { - if (defined('DEBUG_EXTRA')) + if (defined('DEBUG')) { $this->backtrace = true; $this->backtrace_log = array(); @@ -987,7 +987,7 @@ class smtp_class { fputs($this->socket, $command . "\r\n"); - (!$private_info) ? $this->add_backtrace("# $command") : $this->add_backtrace('# Ommitting sensitive Informations'); + (!$private_info) ? $this->add_backtrace("# $command") : $this->add_backtrace('# Ommitting sensitive information'); // We could put additional code here } @@ -1368,33 +1368,53 @@ class smtp_class } /** -* Encodes the given string for proper display in UTF-8 ... nabbed -* from php.net and modified. There is an alternative encoding method which -* may produce less output but it's questionable as to its worth in this -* scenario. +* Encodes the given string for proper display in UTF-8. * * This version is using base64 encoded data. The downside of this * is if the mail client does not understand this encoding the user * is basically doomed with an unreadable subject. +* +* Please note that this version fully supports RFC 2045 section 6.8. */ function mail_encode($str) { // define start delimimter, end delimiter and spacer - $end = '?='; - $start = '=?UTF-8?B?'; - $spacer = "$end $start"; + $start = "=?UTF-8?B?"; + $end = "?="; + $spacer = $end . ' ' . $start; + $split_length = 64; + + $encoded_str = base64_encode($str); - // determine length of encoded text within chunks and ensure length is even - $length = 76 - strlen($start) - strlen($end); - $length = floor($length / 2) * 2; + // If encoded string meets the limits, we just return with the correct data. + if (strlen($encoded_str) <= $split_length) + { + return $start . $encoded_str . $end; + } + + // If there is only ASCII data, we just return what we want, correctly splitting the lines. + if (strlen($str) === utf8_strlen($str)) + { + return $start . implode($spacer, str_split($encoded_str, $split_length)) . $end; + } - // encode the string and split it into chunks with spacers after each chunk - $str = chunk_split(base64_encode($str), $length, $spacer); + // UTF-8 data, compose encoded lines + $array = utf8_str_split($str); + $str = ''; - // remove trailing spacer and add start and end delimiters - $str = preg_replace('#' . preg_quote($spacer, '#') . '$#', '', $str); + while (sizeof($array)) + { + $text = ''; + + while (sizeof($array) && strlen(base64_encode($text . $array[0])) <= $split_length) + { + $text .= array_shift($array); + } + + $str .= $start . base64_encode($text) . $end . ' '; + } - return $start . $str . $end; + return substr($str, 0, -1); } ?>
\ No newline at end of file diff --git a/phpBB/includes/functions_module.php b/phpBB/includes/functions_module.php index 89dda74700..753e043c16 100644 --- a/phpBB/includes/functions_module.php +++ b/phpBB/includes/functions_module.php @@ -213,12 +213,11 @@ class p_master /** * Check module authorisation - * @todo Have a look at the eval statement and replace with other code... */ - function module_auth($module_auth) + function module_auth($module_auth, $forum_id = false) { global $auth, $config; - + $module_auth = trim($module_auth); // Generally allowed to access module if module_auth is empty @@ -227,8 +226,45 @@ class p_master return true; } + // With the code below we make sure only those elements get eval'd we really want to be checked + preg_match_all('/(?: + "[^"\\\\]*(?:\\\\.[^"\\\\]*)*" | + \'[^\'\\\\]*(?:\\\\.[^\'\\\\]*)*\' | + [(),] | + [^\s(),]+)/x', $module_auth, $match); + + $tokens = $match[0]; + for ($i = 0, $size = sizeof($tokens); $i < $size; $i++) + { + $token = &$tokens[$i]; + + switch ($token) + { + case ')': + case '(': + case '&&': + case '||': + case ',': + break; + + default: + if (!preg_match('#(?:acl_([a-z_]+)(,\$id)?)|(?:\$id)|(?:aclf_([a-z_]+))|(?:cfg_([a-z_]+))#', $token)) + { + $token = ''; + } + break; + } + } + + $module_auth = implode(' ', $tokens); + + // Make sure $id seperation is working fine + $module_auth = str_replace(' , ', ',', $module_auth); + + $forum_id = ($forum_id === false) ? $this->acl_forum_id : $forum_id; + $is_auth = false; - eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z_]+)(,\$id)?#', '#\$id#', '#aclf_([a-z_]+)#', '#cfg_([a-z_]+)#'), array('(int) $auth->acl_get("\\1"\\2)', '(int) $this->acl_forum_id', '(int) $auth->acl_getf_global("\\1")', '(int) $config["\\1"]'), $module_auth) . ');'); + eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z_]+)(,\$id)?#', '#\$id#', '#aclf_([a-z_]+)#', '#cfg_([a-z_]+)#'), array('(int) $auth->acl_get(\'\\1\'\\2)', '(int) $forum_id', '(int) $auth->acl_getf_global(\'\\1\')', '(int) $config[\'\\1\']'), $module_auth) . ');'); return $is_auth; } diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index b15466b487..49ed4932a3 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -96,8 +96,8 @@ function generate_smilies($mode, $forum_id) } /** -* Update Post Informations (First/Last Post in topic/forum) -* Should be used instead of sync() if only the last post informations are out of sync... faster +* Update Post Information (First/Last Post in topic/forum) +* Should be used instead of sync() if only the last post information are out of sync... faster * * @param string $type Can be forum|topic * @param mixed $ids topic/forum ids @@ -367,7 +367,7 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage // Check Image Size, if it is an image if (!$auth->acl_get('a_') && !$auth->acl_get('m_', $forum_id) && $cat_id == ATTACHMENT_CATEGORY_IMAGE) { - $file->upload->set_allowed_dimensions(0, 0, $config['img_max_width'], $config['img_max_height']); + $file->upload->set_allowed_dimensions(0, 0, $config['img_max_width'], $config['img_max_height']); } // Admins and mods are allowed to exceed the allowed filesize @@ -561,6 +561,12 @@ function create_thumbnail($source, $destination, $mimetype) list($new_width, $new_height) = get_img_size_format($width, $height); + // Do not create a thumbnail if the resulting width/height is bigger than the original one + if ($new_width > $width && $new_height > $height) + { + return false; + } + $used_imagick = false; // Only use imagemagick if defined and the passthru function not disabled @@ -686,7 +692,7 @@ function posting_gen_inline_attachments(&$attachment_data) /** * Generate inline attachment entry */ -function posting_gen_attachment_entry(&$attachment_data, &$filename_data) +function posting_gen_attachment_entry($attachment_data, &$filename_data) { global $template, $config, $phpbb_root_path, $phpEx, $user; @@ -700,8 +706,10 @@ function posting_gen_attachment_entry(&$attachment_data, &$filename_data) 'S_HAS_ATTACHMENTS' => true) ); - $count = 0; - foreach ($attachment_data as $attach_row) + // We display the posted attachments within the desired order. + ($config['display_order']) ? krsort($attachment_data) : ksort($attachment_data); + + foreach ($attachment_data as $count => $attach_row) { $hidden = ''; $attach_row['real_filename'] = basename($attach_row['real_filename']); @@ -723,8 +731,6 @@ function posting_gen_attachment_entry(&$attachment_data, &$filename_data) 'U_VIEW_ATTACHMENT' => $download_link, 'S_HIDDEN' => $hidden) ); - - $count++; } } @@ -857,7 +863,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id global $config, $phpbb_root_path, $phpEx; // Go ahead and pull all data for this topic - $sql = 'SELECT u.username, u.user_id, p.* + $sql = 'SELECT u.username, u.user_id, u.user_colour, p.* FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . " u WHERE p.topic_id = $topic_id AND p.poster_id = u.user_id @@ -890,20 +896,11 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id foreach ($rowset as $i => $row) { - $poster_id = $row['user_id']; - $poster = $row['username']; + $poster_id = $row['user_id']; + $post_subject = $row['post_subject']; + $message = censor_text($row['post_text']); + $message = str_replace("\n", '<br />', $message); - // Handle anon users posting with usernames - if ($poster_id == ANONYMOUS) - { - $poster = ($row['post_username']) ? $row['post_username'] : $user->lang['GUEST']; - $poster_rank = ($row['post_username']) ? $user->lang['GUEST'] : ''; - } - - $post_subject = $row['post_subject']; - $message = $row['post_text']; - $message = censor_text($message); - $message = str_replace("\n", '<br />', $message); $decoded_message = false; if ($show_quote_button && $auth->acl_get('f_reply', $forum_id)) @@ -925,7 +922,11 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id $post_subject = censor_text($post_subject); $template->assign_block_vars($mode . '_row', array( - 'POSTER_NAME' => $poster, + 'POST_AUTHOR_FULL' => get_username_string('full', $poster_id, $row['username'], $row['user_colour'], $row['post_username']), + 'POST_AUTHOR_COLOUR' => get_username_string('colour', $poster_id, $row['username'], $row['user_colour'], $row['post_username']), + 'POST_AUTHOR' => get_username_string('username', $poster_id, $row['username'], $row['user_colour'], $row['post_username']), + 'U_POST_AUTHOR' => get_username_string('profile', $poster_id, $row['username'], $row['user_colour'], $row['post_username']), + 'POST_SUBJECT' => $post_subject, 'MINI_POST_IMG' => $user->img('icon_post_target', $user->lang['POST']), 'POST_DATE' => $user->format_date($row['post_time']), @@ -934,7 +935,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id 'U_POST_ID' => $row['post_id'], 'U_MINI_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'p=' . $row['post_id']) . '#p' . $row['post_id'], 'U_MCP_DETAILS' => ($auth->acl_get('m_info', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=post_details&f=' . $forum_id . '&p=' . $row['post_id'], true, $user->session_id) : '', - 'POSTER_QUOTE' => ($show_quote_button && $auth->acl_get('f_reply', $forum_id)) ? addslashes($poster) : '') + 'POSTER_QUOTE' => ($show_quote_button && $auth->acl_get('f_reply', $forum_id)) ? addslashes(get_username_string('username', $poster_id, $row['username'], $row['user_colour'], $row['post_username'])) : '') ); unset($rowset[$i]); } @@ -1123,7 +1124,6 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id )); $messenger->send($addr['method']); - $messenger->reset(); } } unset($msg_list_ary); @@ -1241,7 +1241,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data) $sql_data[FORUMS_TABLE] = 'forum_posts = forum_posts - 1'; } - $sql_data[TOPICS_TABLE] = 'topic_first_post_id = ' . intval($row['post_id']) . ", topic_first_poster_colour = '" . $db->sql_escape($row['user_colour']) . ", topic_first_poster_name = '" . (($row['poster_id'] == ANONYMOUS) ? $db->sql_escape($row['post_username']) : $db->sql_escape($row['username'])) . "'"; + $sql_data[TOPICS_TABLE] = 'topic_first_post_id = ' . intval($row['post_id']) . ", topic_first_poster_colour = '" . $db->sql_escape($row['user_colour']) . "', topic_first_poster_name = '" . (($row['poster_id'] == ANONYMOUS) ? $db->sql_escape($row['post_username']) : $db->sql_escape($row['username'])) . "'"; $sql_data[TOPICS_TABLE] .= ', topic_replies_real = topic_replies_real - 1' . (($data['post_approved']) ? ', topic_replies = topic_replies - 1' : ''); $next_post_id = (int) $row['post_id']; @@ -1387,11 +1387,11 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u $subject = truncate_string($subject); $data['topic_title'] = truncate_string($data['topic_title']); - // Collect some basic informations about which tables and which rows to update/insert + // Collect some basic information about which tables and which rows to update/insert $sql_data = array(); $poster_id = ($mode == 'edit') ? $data['poster_id'] : (int) $user->data['user_id']; - // Collect Informations + // Collect Information switch ($post_mode) { case 'post': diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index 58d854b928..d67478b190 100644 --- a/phpBB/includes/functions_privmsgs.php +++ b/phpBB/includes/functions_privmsgs.php @@ -120,7 +120,7 @@ function get_folder($user_id, $folder_id = false) $folder = array(); - // Get folder informations + // Get folder information $sql = 'SELECT folder_id, COUNT(msg_id) as num_messages, SUM(pm_unread) as num_unread FROM ' . PRIVMSGS_TO_TABLE . " WHERE user_id = $user_id @@ -242,7 +242,7 @@ function clean_sentbox($num_sentbox_messages) } /** -* Check Rule against Message Informations +* Check Rule against Message Information */ function check_rule(&$rules, &$rule_row, &$message_row, $user_id) { @@ -297,7 +297,7 @@ function check_rule(&$rules, &$rule_row, &$message_row, $user_id) $auth2 = new auth(); $auth2->acl($userdata); - if (!$auth2->acl_get('a_') && !$auth->acl_get('m_') && !$auth2->acl_getf_global('m_')) + if (!$auth2->acl_get('a_') && !$auth2->acl_get('m_') && !$auth2->acl_getf_global('m_')) { return array('action' => $rule_row['rule_action'], 'pm_unread' => $message_row['pm_unread'], 'pm_marked' => $message_row['pm_marked']); } @@ -429,7 +429,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false) $row['author_in_group'] = $memberships[$row['user_id']]; } - // Check Rule - this should be very quick since we have all informations we need + // Check Rule - this should be very quick since we have all information we need $is_match = false; foreach ($user_rules as $rule_row) { @@ -515,11 +515,12 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false) // Do not change the order of processing // The number of queries needed to be executed here highly depends on the defined rules and are // only gone through if new messages arrive. - $num_not_moved = 0; + $num_not_moved = $num_removed = 0; // Delete messages if (sizeof($delete_ids)) { + $num_removed = sizeof($delete_ids); delete_pm($user_id, $delete_ids, PRIVMSGS_NO_BOX); } @@ -694,7 +695,10 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false) $user->data['user_unread_privmsg'] -= $num_unread; } - return $num_not_moved; + return array( + 'not_moved' => $num_not_moved, + 'deleted' => $num_removed, + ); } /** @@ -911,7 +915,7 @@ function delete_pm($user_id, $msg_ids, $folder_id) return false; } - // Get PM Informations for later deleting + // Get PM Information for later deleting $sql = 'SELECT msg_id, pm_unread, pm_new FROM ' . PRIVMSGS_TO_TABLE . ' WHERE ' . $db->sql_in_set('msg_id', array_map('intval', $msg_ids)) . " @@ -952,7 +956,7 @@ function delete_pm($user_id, $msg_ids, $folder_id) $db->sql_query($sql); // Set delete flag for those intended to receive the PM - // We do not remove the message actually, to retain some basic informations (sent time for example) + // We do not remove the message actually, to retain some basic information (sent time for example) $sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . ' SET pm_deleted = 1 WHERE ' . $db->sql_in_set('msg_id', array_keys($delete_rows)); @@ -962,7 +966,7 @@ function delete_pm($user_id, $msg_ids, $folder_id) } else { - // Delete Private Message Informations + // Delete private message data $sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . " WHERE user_id = $user_id AND folder_id = $folder_id @@ -1058,7 +1062,7 @@ function rebuild_header($check_ary) } /** -* Print out/assign recipient informations +* Print out/assign recipient information */ function write_pm_addresses($check_ary, $author_id, $plaintext = false) { @@ -1166,15 +1170,30 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false) { foreach ($adr_ary as $id => $row) { - $template->assign_block_vars($check_type . '_recipient', array( - 'NAME' => $row['name'], - 'IS_GROUP' => ($type == 'group'), - 'IS_USER' => ($type == 'user'), - 'COLOUR' => ($row['colour']) ? $row['colour'] : '', + $tpl_ary = array( + 'IS_GROUP' => ($type == 'group') ? true : false, + 'IS_USER' => ($type == 'user') ? true : false, 'UG_ID' => $id, - 'U_VIEW' => ($type == 'user') ? (($id != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $id) : '') : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&g=' . $id), - 'TYPE' => $type) + 'NAME' => $row['name'], + 'COLOUR' => ($row['colour']) ? '#' . $row['colour'] : '', + 'TYPE' => $type, ); + + if ($type == 'user') + { + $tpl_ary = array_merge($tpl_ary, array( + 'U_VIEW' => get_username_string('profile', $id, $row['name'], $row['colour']), + 'NAME_FULL' => get_username_string('full', $id, $row['name'], $row['colour']), + )); + } + else + { + $tpl_ary = array_merge($tpl_ary, array( + 'U_VIEW' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&g=' . $id), + )); + } + + $template->assign_block_vars($check_type . '_recipient', $tpl_ary); } } } @@ -1233,11 +1252,11 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr $current_time = time(); - // Collect some basic informations about which tables and which rows to update/insert + // Collect some basic information about which tables and which rows to update/insert $sql_data = array(); $root_level = 0; - // Recipient Informations + // Recipient Information $recipients = $to = $bcc = array(); if ($mode != 'edit') @@ -1604,7 +1623,6 @@ function pm_notification($mode, $author, $recipients, $subject, $message) ); $messenger->send($addr['method']); - $messenger->reset(); } unset($msg_list_ary); diff --git a/phpBB/includes/functions_profile_fields.php b/phpBB/includes/functions_profile_fields.php index b35781e198..494288a600 100644 --- a/phpBB/includes/functions_profile_fields.php +++ b/phpBB/includes/functions_profile_fields.php @@ -579,7 +579,7 @@ class custom_profile if (gettype($value) == 'string') { - utf8_normalize_nfc(&$value); + $value = utf8_normalize_nfc($value); } } @@ -865,8 +865,7 @@ class custom_profile case FIELD_STRING: case FIELD_TEXT: - $var = request_var($var_name, $profile_row['field_default_value'], true); - utf8_normalize_nfc(&$var); + $var = utf8_normalize_nfc(request_var($var_name, $profile_row['field_default_value'], true)); break; case FIELD_INT: diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index a7a76cf526..ff32e4447d 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -9,7 +9,7 @@ */ /** -* Responsible for holding all file relevant informations, as well as doing file-specific operations. +* Responsible for holding all file relevant information, as well as doing file-specific operations. * The {@link fileupload fileupload class} can be used to upload several files, each of them being this object to operate further on. * @package phpBB3 */ diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 15daa0c999..d22add63ea 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -142,7 +142,8 @@ function user_add($user_row, $cp_data = false) 'username' => $user_row['username'], 'username_clean' => utf8_clean_string($user_row['username']), 'user_password' => (isset($user_row['user_password'])) ? $user_row['user_password'] : '', - 'user_email' => $user_row['user_email'], + 'user_pass_convert' => 0, + 'user_email' => strtolower($user_row['user_email']), 'user_email_hash' => (int) crc32(strtolower($user_row['user_email'])) . strlen($user_row['user_email']), 'group_id' => $user_row['group_id'], 'user_type' => $user_row['user_type'], @@ -170,6 +171,7 @@ function user_add($user_row, $cp_data = false) 'user_posts' => 0, 'user_dst' => 0, 'user_colour' => '', + 'user_occ' => '', 'user_interests' => '', 'user_avatar' => '', 'user_avatar_type' => 0, @@ -408,7 +410,7 @@ function user_delete($mode, $user_id, $post_username = false) AND folder_id = ' . PRIVMSGS_NO_BOX; $db->sql_query($sql); - // Delete all to-informations + // Delete all to-information $sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . ' WHERE user_id = ' . $user_id; $db->sql_query($sql); @@ -1115,8 +1117,7 @@ function validate_match($string, $optional = false, $match) * Also checks if it includes the " character, which we don't allow in usernames. * Used for registering, changing names, and posting anonymously with a username * -* @todo do we really check and disallow the " character in usernames as written above. Has it only be forgotten to include the check? -* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended) +* @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended) */ function validate_username($username) { @@ -1218,7 +1219,9 @@ function validate_email($email) { global $config, $db, $user; - if (strtolower($user->data['user_email']) == strtolower($email)) + $email = strtolower($email); + + if (strtolower($user->data['user_email']) == $email) { return false; } @@ -1249,7 +1252,7 @@ function validate_email($email) { $sql = 'SELECT user_email_hash FROM ' . USERS_TABLE . " - WHERE user_email_hash = " . crc32(strtolower($email)) . strlen($email); + WHERE user_email_hash = " . crc32($email) . strlen($email); $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); @@ -1528,10 +1531,12 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow 'group_receive_pm' => 'int', 'group_legend' => 'int', 'group_message_limit' => 'int', + + 'group_founder_manage' => 'int', ); // Those are group-only attributes - $group_only_ary = array('group_receive_pm', 'group_legend', 'group_message_limit'); + $group_only_ary = array('group_receive_pm', 'group_legend', 'group_message_limit', 'group_founder_manage'); // Check data if (!utf8_strlen($name) || utf8_strlen($name) > 40) @@ -1718,7 +1723,7 @@ function group_delete($group_id, $group_name = false) /** * Add user(s) to group * -* @return false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER' +* @return mixed false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER' */ function group_user_add($group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $default = false, $leader = 0, $pending = 0, $group_attributes = false) { @@ -2014,7 +2019,6 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna ); $messenger->send($row['user_notify_type']); - $messenger->reset(); } $messenger->save_queue(); @@ -2264,6 +2268,7 @@ function group_update_listings($group_id) { if (!function_exists('cache_moderators')) { + global $phpbb_root_path, $phpEx; include($phpbb_root_path . 'includes/functions_admin.' . $phpEx); } cache_moderators(); diff --git a/phpBB/includes/mcp/mcp_forum.php b/phpBB/includes/mcp/mcp_forum.php index b20bd63a08..bf9ef5280d 100644 --- a/phpBB/includes/mcp/mcp_forum.php +++ b/phpBB/includes/mcp/mcp_forum.php @@ -67,7 +67,10 @@ function mcp_forum_view($id, $mode, $action, $forum_info) 'REPORTED_IMG' => $user->img('icon_topic_reported', 'TOPIC_REPORTED'), 'UNAPPROVED_IMG' => $user->img('icon_topic_unapproved', 'TOPIC_UNAPPROVED'), + 'LAST_POST_IMG' => $user->img('icon_topic_latest', 'VIEW_LATEST_POST'), + 'NEWEST_POST_IMG' => $user->img('icon_topic_newest', 'VIEW_NEWEST_POST'), + 'S_CAN_REPORT' => $auth->acl_get('m_report', $forum_id), 'S_CAN_DELETE' => $auth->acl_get('m_delete', $forum_id), 'S_CAN_MOVE' => $auth->acl_get('m_move', $forum_id), 'S_CAN_FORK' => $auth->acl_get('m_', $forum_id), @@ -79,7 +82,7 @@ function mcp_forum_view($id, $mode, $action, $forum_info) 'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id), 'U_VIEW_FORUM_LOGS' => ($auth->acl_gets('a_', 'm_', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=logs&mode=forum_logs&f=' . $forum_id) : '', - 'S_MCP_ACTION' => $url . "&i=$id&action=$action&mode=$mode&start=$start" . (($action == 'merge_select') ? $selected_ids : ''), + 'S_MCP_ACTION' => $url . "&i=$id&mode=$mode&start=$start" . (($action == 'merge_select') ? $selected_ids : ''), 'PAGINATION' => generate_pagination($url . "&i=$id&action=$action&mode=$mode" . (($action == 'merge_select') ? $selected_ids : ''), $forum_topics, $topics_per_page, $start), 'PAGE_NUMBER' => on_page($forum_topics, $topics_per_page, $start), @@ -111,7 +114,7 @@ function mcp_forum_view($id, $mode, $action, $forum_info) $replies = ($auth->acl_get('m_approve', $forum_id)) ? $row['topic_replies_real'] : $row['topic_replies']; - // Get folder img, topic status/type related informations + // Get folder img, topic status/type related information $folder_img = $folder_alt = $topic_type = ''; topic_status($row, $replies, false, $folder_img, $folder_alt, $topic_type); @@ -127,7 +130,7 @@ function mcp_forum_view($id, $mode, $action, $forum_info) 'S_SELECT_TOPIC' => ($action == 'merge_select' && $row['topic_id'] != $topic_id) ? true : false, 'U_SELECT_TOPIC' => $url . "&i=$id&mode=topic_view&action=merge&to_topic_id=" . $row['topic_id'] . $selected_ids, 'U_MCP_QUEUE' => $u_mcp_queue, - 'U_MCP_REPORT' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=topic_view&t=' . $row['topic_id'] . '&action=reports'), + 'U_MCP_REPORT' => ($auth->acl_get('m_report', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=topic_view&t=' . $row['topic_id'] . '&action=reports') : '', 'ATTACH_ICON_IMG' => ($auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']) && $row['topic_attachment']) ? $user->img('icon_topic_attach', $user->lang['TOTAL_ATTACHMENTS']) : '', 'TOPIC_FOLDER_IMG' => $user->img($folder_img, $folder_alt), @@ -137,12 +140,25 @@ function mcp_forum_view($id, $mode, $action, $forum_info) 'TOPIC_ICON_IMG_HEIGHT' => (!empty($icons[$row['icon_id']])) ? $icons[$row['icon_id']]['height'] : '', 'UNAPPROVED_IMG' => ($topic_unapproved || $posts_unapproved) ? $user->img('icon_topic_unapproved', ($topic_unapproved) ? 'TOPIC_UNAPPROVED' : 'POSTS_UNAPPROVED') : '', + 'TOPIC_AUTHOR' => get_username_string('username', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), + 'TOPIC_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), + 'TOPIC_AUTHOR_FULL' => get_username_string('full', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), + 'U_TOPIC_AUTHOR' => get_username_string('profile', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), + + 'LAST_POST_AUTHOR' => get_username_string('username', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), + 'LAST_POST_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), + 'LAST_POST_AUTHOR_FULL' => get_username_string('full', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), + 'U_LAST_POST_AUTHOR' => get_username_string('profile', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), + 'TOPIC_TYPE' => $topic_type, 'TOPIC_TITLE' => $topic_title, 'REPLIES' => ($auth->acl_get('m_approve', $row['forum_id'])) ? $row['topic_replies_real'] : $row['topic_replies'], 'LAST_POST_TIME' => $user->format_date($row['topic_last_post_time']), 'TOPIC_ID' => $row['topic_id'], 'S_TOPIC_CHECKED' => ($topic_id_list && in_array($row['topic_id'], $topic_id_list)) ? 'checked="checked" ' : '', + 'FIRST_POST_TIME' => $user->format_date($row['topic_time']), + 'LAST_POST_SUBJECT' => $row['topic_last_post_subject'], + 'LAST_VIEW_TIME' => $user->format_date($row['topic_last_view_time']), 'S_TOPIC_REPORTED' => (!empty($row['topic_reported']) && $auth->acl_get('m_report', $row['forum_id'])) ? true : false, 'S_TOPIC_UNAPPROVED' => $topic_unapproved, @@ -159,14 +175,13 @@ function mcp_resync_topics($topic_ids) { global $auth, $db, $template, $phpEx, $user, $phpbb_root_path; - if (!($forum_id = check_ids($topic_ids, TOPICS_TABLE, 'topic_id', 'm_'))) + if (!sizeof($topic_ids)) { - return; + trigger_error($user->lang['NO_TOPIC_SELECTED']); } - if (!sizeof($topic_ids)) + if (check_ids($topic_ids, TOPICS_TABLE, 'topic_id', array('m_'))) { - trigger_error($user->lang['NO_TOPIC_SELECTED']); return; } diff --git a/phpBB/includes/mcp/mcp_front.php b/phpBB/includes/mcp/mcp_front.php index 8b798fc1b2..acfedb583f 100644 --- a/phpBB/includes/mcp/mcp_front.php +++ b/phpBB/includes/mcp/mcp_front.php @@ -134,7 +134,7 @@ function mcp_front_view($id, $mode, $action) $global_id = $forum_list[0]; $sql = $db->sql_build_query('SELECT', array( - 'SELECT' => 'r.*, p.post_id, p.post_subject, u.username, t.topic_id, t.topic_title, f.forum_id, f.forum_name', + 'SELECT' => 'r.report_time, p.post_id, p.post_subject, u.username, u.user_colour, u.user_id, t.topic_id, t.topic_title, f.forum_id, f.forum_name', 'FROM' => array( REPORTS_TABLE => 'r', @@ -176,11 +176,14 @@ function mcp_front_view($id, $mode, $action) 'U_MCP_TOPIC' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'f=' . $row['forum_id'] . '&t=' . $row['topic_id'] . "&i=$id&mode=topic_view"), 'U_FORUM' => (!$global_topic) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : '', 'U_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&t=' . $row['topic_id']), - 'U_REPORTER' => ($row['user_id'] == ANONYMOUS) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['user_id']), + + 'REPORTER_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']), + 'REPORTER' => get_username_string('username', $row['user_id'], $row['username'], $row['user_colour']), + 'REPORTER_COLOUR' => get_username_string('colour', $row['user_id'], $row['username'], $row['user_colour']), + 'U_REPORTER' => get_username_string('profile', $row['user_id'], $row['username'], $row['user_colour']), 'FORUM_NAME' => (!$global_topic) ? $row['forum_name'] : $user->lang['GLOBAL_ANNOUNCEMENT'], 'TOPIC_TITLE' => $row['topic_title'], - 'REPORTER' => ($row['user_id'] == ANONYMOUS) ? $user->lang['GUEST'] : $row['username'], 'SUBJECT' => ($row['post_subject']) ? $row['post_subject'] : $user->lang['NO_SUBJECT'], 'REPORT_TIME' => $user->format_date($row['report_time'])) ); @@ -218,11 +221,11 @@ function mcp_front_view($id, $mode, $action) foreach ($log as $row) { $template->assign_block_vars('log', array( - 'USERNAME' => $row['username'], + 'USERNAME' => $row['username_full'], 'IP' => $row['ip'], 'TIME' => $user->format_date($row['time']), 'ACTION' => $row['action'], - 'U_VIEWTOPIC' => (!empty($row['viewtopic'])) ? $row['viewtopic'] : '', + 'U_VIEW_TOPIC' => (!empty($row['viewtopic'])) ? $row['viewtopic'] : '', 'U_VIEWLOGS' => (!empty($row['viewlogs'])) ? $row['viewlogs'] : '') ); } diff --git a/phpBB/includes/mcp/mcp_logs.php b/phpBB/includes/mcp/mcp_logs.php index f9cf7d27df..44acc10174 100755 --- a/phpBB/includes/mcp/mcp_logs.php +++ b/phpBB/includes/mcp/mcp_logs.php @@ -102,7 +102,7 @@ class mcp_logs // Sorting $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']); - $sort_by_sql = array('u' => 'u.username', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation'); + $sort_by_sql = array('u' => 'u.username_clean', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation'); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); @@ -146,7 +146,7 @@ class mcp_logs } $template->assign_block_vars('log', array( - 'USERNAME' => $row['username'], + 'USERNAME' => $row['username_full'], 'IP' => $row['ip'], 'DATE' => $user->format_date($row['time']), 'ACTION' => $row['action'], diff --git a/phpBB/includes/mcp/mcp_main.php b/phpBB/includes/mcp/mcp_main.php index 1fe9233ba9..a59d965300 100644 --- a/phpBB/includes/mcp/mcp_main.php +++ b/phpBB/includes/mcp/mcp_main.php @@ -207,7 +207,9 @@ function lock_unlock($action, $ids) $l_prefix = 'POST'; } - if (!($forum_id = check_ids($ids, $table, $sql_id, array('m_lock')))) + $orig_ids = $ids; + + if (!check_ids($ids, $table, $sql_id, array('m_lock'))) { // Make sure that for f_user_lock only the lock action is triggered. if ($action != 'lock') @@ -215,13 +217,16 @@ function lock_unlock($action, $ids) return; } - if (!($forum_id = check_ids($ids, $table, $sql_id, array('f_user_lock')))) + $ids = $orig_ids; + + if (!check_ids($ids, $table, $sql_id, array('f_user_lock'))) { return; } } + unset($orig_ids); - $redirect = request_var('redirect', $user->data['session_page']); + $redirect = request_var('redirect', build_url(array('_f_', 'action'))); $s_hidden_fields = build_hidden_fields(array( $sql_id . '_list' => $ids, @@ -241,7 +246,7 @@ function lock_unlock($action, $ids) foreach ($data as $id => $row) { - add_log('mod', $forum_id, $row['topic_id'], 'LOG_' . strtoupper($action), $row['topic_title']); + add_log('mod', $row['forum_id'], $row['topic_id'], 'LOG_' . strtoupper($action), $row['topic_title']); } $success_msg = $l_prefix . ((sizeof($ids) == 1) ? '' : 'S') . '_' . (($action == 'lock' || $action == 'lock_post') ? 'LOCKED' : 'UNLOCKED') . '_SUCCESS'; @@ -272,7 +277,10 @@ function change_topic_type($action, $topic_ids) { global $auth, $user, $db, $phpEx, $phpbb_root_path; - if (!($forum_id = check_ids($topic_ids, TOPICS_TABLE, 'topic_id', array('f_announce', 'f_sticky', 'm_')))) + // For changing topic types, we only allow operations in one forum. + $forum_id = check_ids($topic_ids, TOPICS_TABLE, 'topic_id', array('f_announce', 'f_sticky', 'm_'), true); + + if ($forum_id === false) { return; } @@ -420,7 +428,10 @@ function mcp_move_topic($topic_ids) global $auth, $user, $db, $template; global $phpEx, $phpbb_root_path; - if (!($forum_id = check_ids($topic_ids, TOPICS_TABLE, 'topic_id', 'm_move'))) + // Here we limit the operation to one forum only + $forum_id = check_ids($topic_ids, TOPICS_TABLE, 'topic_id', array('m_move'), true); + + if ($forum_id === false) { return; } @@ -575,12 +586,13 @@ function mcp_delete_topic($topic_ids) { global $auth, $user, $db, $phpEx, $phpbb_root_path; - if (!($forum_id = check_ids($topic_ids, TOPICS_TABLE, 'topic_id', 'm_delete'))) + if (!check_ids($topic_ids, TOPICS_TABLE, 'topic_id', array('m_delete'))) { return; } - $redirect = request_var('redirect', $user->data['session_page']); + $redirect = request_var('redirect', build_url(array('_f_', 'action'))); + $forum_id = request_var('f', 0); $s_hidden_fields = build_hidden_fields(array( 'topic_id_list' => $topic_ids, @@ -598,7 +610,7 @@ function mcp_delete_topic($topic_ids) foreach ($data as $topic_id => $row) { - add_log('mod', $forum_id, 0, 'LOG_TOPIC_DELETED', $row['topic_title']); + add_log('mod', $row['forum_id'], 0, 'LOG_TOPIC_DELETED', $row['topic_title']); } $return = delete_topics('topic_id', $topic_ids); @@ -630,12 +642,13 @@ function mcp_delete_post($post_ids) { global $auth, $user, $db, $phpEx, $phpbb_root_path; - if (!($forum_id = check_ids($post_ids, POSTS_TABLE, 'post_id', 'm_delete'))) + if (!check_ids($post_ids, POSTS_TABLE, 'post_id', array('m_delete'))) { return; } - $redirect = request_var('redirect', $user->data['session_page']); + $redirect = request_var('redirect', build_url(array('_f_', 'action'))); + $forum_id = request_var('f', 0); $s_hidden_fields = build_hidden_fields(array( 'post_id_list' => $post_ids, @@ -649,7 +662,7 @@ function mcp_delete_post($post_ids) { if (!function_exists('delete_posts')) { - include_once($phpbb_root_path . 'includes/functions_admin.'.$phpEx); + include($phpbb_root_path . 'includes/functions_admin.' . $phpEx); } // Count the number of topics that are affected @@ -750,13 +763,14 @@ function mcp_fork_topic($topic_ids) global $auth, $user, $db, $template, $config; global $phpEx, $phpbb_root_path; - if (!($forum_id = check_ids($topic_ids, TOPICS_TABLE, 'topic_id', 'm_'))) + if (!check_ids($topic_ids, TOPICS_TABLE, 'topic_id', array('m_'))) { return; } $to_forum_id = request_var('to_forum_id', 0); - $redirect = request_var('redirect', $user->data['session_page']); + $forum_id = request_var('forum_id', 0); + $redirect = request_var('redirect', build_url(array('_f_', 'action'))); $additional_msg = $success_msg = ''; $s_hidden_fields = build_hidden_fields(array( @@ -835,11 +849,6 @@ function mcp_fork_topic($topic_ids) $new_topic_id = $db->sql_nextid(); $new_topic_id_list[$topic_id] = $new_topic_id; - /** - * @todo enable? (is this still needed?) - * markread('topic', $to_forum_id, $new_topic_id); - */ - if ($topic_row['poll_start']) { $poll_rows = array(); diff --git a/phpBB/includes/mcp/mcp_notes.php b/phpBB/includes/mcp/mcp_notes.php index 302ace9755..84bba18bb7 100755 --- a/phpBB/includes/mcp/mcp_notes.php +++ b/phpBB/includes/mcp/mcp_notes.php @@ -142,6 +142,7 @@ class mcp_notes // get_user_rank($userrow['user_rank'], $userrow['user_posts'], $rank_title, $rank_img); $avatar_img = ''; + if (!empty($userrow['user_avatar'])) { switch ($userrow['user_avatar_type']) @@ -154,14 +155,14 @@ class mcp_notes $avatar_img = $config['avatar_gallery_path'] . '/'; break; } - $avatar_img .= $userrow['user_avatar']; + $avatar_img .= $userrow['user_avatar']; $avatar_img = '<img src="' . $avatar_img . '" width="' . $userrow['user_avatar_width'] . '" height="' . $userrow['user_avatar_height'] . '" alt="" />'; } $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('a' => $user->lang['SORT_USERNAME'], 'b' => $user->lang['SORT_DATE'], 'c' => $user->lang['SORT_IP'], 'd' => $user->lang['SORT_ACTION']); - $sort_by_sql = array('a' => 'u.username', 'b' => 'l.log_time', 'c' => 'l.log_ip', 'd' => 'l.log_operation'); + $sort_by_sql = array('a' => 'u.username_clean', 'b' => 'l.log_time', 'c' => 'l.log_ip', 'd' => 'l.log_operation'); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $st, $sk, $sd, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); @@ -181,7 +182,7 @@ class mcp_notes foreach ($log_data as $row) { $template->assign_block_vars('usernotes', array( - 'REPORT_BY' => $row['username'], + 'REPORT_BY' => $row['username_full'], 'REPORT_AT' => $user->format_date($row['time']), 'ACTION' => $row['action'], 'IP' => $row['ip'], diff --git a/phpBB/includes/mcp/mcp_post.php b/phpBB/includes/mcp/mcp_post.php index 201137a9a4..a1cc7f4331 100644 --- a/phpBB/includes/mcp/mcp_post.php +++ b/phpBB/includes/mcp/mcp_post.php @@ -91,7 +91,6 @@ function mcp_post_details($id, $mode, $action) // Set some vars $users_ary = $usernames_ary = array(); $post_id = $post_info['post_id']; - $poster = ($post_info['user_colour']) ? '<span style="color:#' . $post_info['user_colour'] . '">' . $post_info['username'] . '</span>' : $post_info['username']; // Process message, leave it uncensored $message = $post_info['post_text']; @@ -126,7 +125,6 @@ function mcp_post_details($id, $mode, $action) 'U_MCP_USER_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $post_info['user_id']), 'U_MCP_WARN_USER' => ($auth->acl_getf_global('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_user&u=' . $post_info['user_id']) : '', 'U_VIEW_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&p=' . $post_info['post_id'] . '#p' . $post_info['post_id']), - 'U_VIEW_PROFILE' => ($post_info['user_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $post_info['user_id']) : '', 'U_VIEW_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&t=' . $post_info['topic_id']), 'RETURN_TOPIC' => sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f={$post_info['forum_id']}&p=$post_id") . "#p$post_id\">", '</a>'), @@ -136,7 +134,11 @@ function mcp_post_details($id, $mode, $action) 'EDIT_IMG' => $user->img('icon_post_edit', $user->lang['EDIT_POST']), 'SEARCH_IMG' => $user->img('icon_user_search', $user->lang['SEARCH']), - 'POSTER_NAME' => $poster, + 'POST_AUTHOR_FULL' => get_username_string('full', $post_info['user_id'], $post_info['username'], $post_info['user_colour'], $post_info['post_username']), + 'POST_AUTHOR_COLOUR' => get_username_string('colour', $post_info['user_id'], $post_info['username'], $post_info['user_colour'], $post_info['post_username']), + 'POST_AUTHOR' => get_username_string('username', $post_info['user_id'], $post_info['username'], $post_info['user_colour'], $post_info['post_username']), + 'U_POST_AUTHOR' => get_username_string('profile', $post_info['user_id'], $post_info['username'], $post_info['user_colour'], $post_info['post_username']), + 'POST_PREVIEW' => $message, 'POST_SUBJECT' => $post_info['post_subject'], 'POST_DATE' => $user->format_date($post_info['post_time']), @@ -157,7 +159,7 @@ function mcp_post_details($id, $mode, $action) foreach ($log_data as $row) { $template->assign_block_vars('usernotes', array( - 'REPORT_BY' => $row['username'], + 'REPORT_BY' => $row['username_full'], 'REPORT_AT' => $user->format_date($row['time']), 'ACTION' => $row['action'], 'ID' => $row['id']) @@ -383,6 +385,23 @@ function change_poster(&$post_info, $userdata) $db->sql_query($sql); } + // refresh search cache of this post + $search_type = basename($config['search_type']); + + if (file_exists($phpbb_root_path . 'includes/search/' . $search_type . '.' . $phpEx)) + { + require("{$phpbb_root_path}includes/search/$search_type.$phpEx"); + + // We do some additional checks in the module to ensure it can actually be utilised + $error = false; + $search = new $search_type($error); + + if (!$error && method_exists($search, 'destroy_cache')) + { + $search->destroy_cache(array(), array($post_info['user_id'], $userdata['user_id'])); + } + } + $from_username = $post_info['username']; $to_username = $userdata['username']; diff --git a/phpBB/includes/mcp/mcp_queue.php b/phpBB/includes/mcp/mcp_queue.php index 0f6fae18ee..df23bcd98f 100644 --- a/phpBB/includes/mcp/mcp_queue.php +++ b/phpBB/includes/mcp/mcp_queue.php @@ -99,14 +99,6 @@ class mcp_queue ); } - // Set some vars - if ($post_info['user_id'] == ANONYMOUS) - { - $poster = ($post_info['post_username']) ? $post_info['post_username'] : $user->lang['GUEST']; - } - - $poster = ($post_info['user_colour']) ? '<span style="color:#' . $post_info['user_colour'] . '">' . $post_info['username'] . '</span>' : $post_info['username']; - // Process message, leave it uncensored $message = $post_info['post_text']; $message = str_replace("\n", '<br />', $message); @@ -133,7 +125,6 @@ class mcp_queue 'U_MCP_USER_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $post_info['user_id']), 'U_MCP_WARN_USER' => ($auth->acl_getf_global('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_user&u=' . $post_info['user_id']) : '', 'U_VIEW_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&p=' . $post_info['post_id'] . '#p' . $post_info['post_id']), - 'U_VIEW_PROFILE' => ($post_info['user_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $post_info['user_id']) : '', 'U_VIEW_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&t=' . $post_info['topic_id']), 'RETURN_QUEUE' => sprintf($user->lang['RETURN_QUEUE'], '<a href="' . append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue' . (($topic_id) ? '&mode=unapproved_topics' : '&mode=unapproved_posts')) . "&start=$start\">", '</a>'), @@ -141,7 +132,11 @@ class mcp_queue 'UNAPPROVED_IMG' => $user->img('icon_topic_unapproved', $user->lang['POST_UNAPPROVED']), 'EDIT_IMG' => $user->img('icon_post_edit', $user->lang['EDIT_POST']), - 'POSTER_NAME' => $poster, + 'POST_AUTHOR_FULL' => get_username_string('full', $post_info['user_id'], $post_info['username'], $post_info['user_colour'], $post_info['post_username']), + 'POST_AUTHOR_COLOUR' => get_username_string('colour', $post_info['user_id'], $post_info['username'], $post_info['user_colour'], $post_info['post_username']), + 'POST_AUTHOR' => get_username_string('username', $post_info['user_id'], $post_info['username'], $post_info['user_colour'], $post_info['post_username']), + 'U_POST_AUTHOR' => get_username_string('profile', $post_info['user_id'], $post_info['username'], $post_info['user_colour'], $post_info['post_username']), + 'POST_PREVIEW' => $message, 'POST_SUBJECT' => $post_info['post_subject'], 'POST_DATE' => $user->format_date($post_info['post_time']), @@ -253,7 +248,7 @@ class mcp_queue if (sizeof($post_ids)) { - $sql = 'SELECT t.topic_id, t.topic_title, t.forum_id, p.post_id, p.post_subject, p.post_username, p.poster_id, p.post_time, u.username + $sql = 'SELECT t.topic_id, t.topic_title, t.forum_id, p.post_id, p.post_subject, p.post_username, p.poster_id, p.post_time, u.username, u.user_colour FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . ' u WHERE ' . $db->sql_in_set('p.post_id', $post_ids) . ' AND t.topic_id = p.topic_id @@ -284,7 +279,7 @@ class mcp_queue } else { - $sql = 'SELECT t.forum_id, t.topic_id, t.topic_title, t.topic_title AS post_subject, t.topic_time AS post_time, t.topic_poster AS poster_id, t.topic_first_post_id AS post_id, t.topic_first_poster_name AS username + $sql = 'SELECT t.forum_id, t.topic_id, t.topic_title, t.topic_title AS post_subject, t.topic_time AS post_time, t.topic_poster AS poster_id, t.topic_first_post_id AS post_id, t.topic_first_poster_name AS username, t.topic_first_poster_colour AS user_colour FROM ' . TOPICS_TABLE . " t WHERE forum_id IN (0, $forum_list) AND topic_approved = 0 @@ -322,31 +317,30 @@ class mcp_queue foreach ($rowset as $row) { - if ($row['poster_id'] == ANONYMOUS) - { - $poster = (!empty($row['post_username'])) ? $row['post_username'] : $user->lang['GUEST']; - } - else - { - $poster = $row['username']; - } - $global_topic = ($row['forum_id']) ? false : true; if ($global_topic) { $row['forum_id'] = $global_id; } + if (empty($row['post_username'])) + { + $row['post_username'] = $user->lang['GUEST']; + } + $template->assign_block_vars('postrow', array( 'U_VIEWFORUM' => (!$global_topic) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : '', 'U_VIEWPOST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&p=' . $row['post_id']) . (($mode == 'unapproved_posts') ? '#p' . $row['post_id'] : ''), 'U_VIEW_DETAILS' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&start=$start&mode=approve_details&f={$row['forum_id']}&p={$row['post_id']}" . (($mode == 'unapproved_topics') ? "&t={$row['topic_id']}" : '')), - 'U_VIEWPROFILE' => ($row['poster_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['poster_id']) : '', + + 'POST_AUTHOR_FULL' => get_username_string('full', $row['poster_id'], $row['username'], $row['user_colour'], $row['post_username']), + 'POST_AUTHOR_COLOUR' => get_username_string('colour', $row['poster_id'], $row['username'], $row['user_colour'], $row['post_username']), + 'POST_AUTHOR' => get_username_string('username', $row['poster_id'], $row['username'], $row['user_colour'], $row['post_username']), + 'U_POST_AUTHOR' => get_username_string('profile', $row['poster_id'], $row['username'], $row['user_colour'], $row['post_username']), 'POST_ID' => $row['post_id'], 'FORUM_NAME' => (!$global_topic) ? $forum_names[$row['forum_id']] : $user->lang['GLOBAL_ANNOUNCEMENT'], 'POST_SUBJECT' => $row['post_subject'], - 'POSTER' => $poster, 'POST_TIME' => $user->format_date($row['post_time'])) ); } @@ -383,19 +377,18 @@ function approve_post($post_id_list, $mode) global $db, $template, $user, $config; global $phpEx, $phpbb_root_path; - if (!($forum_id = check_ids($post_id_list, POSTS_TABLE, 'post_id', 'm_approve'))) + if (!check_ids($post_id_list, POSTS_TABLE, 'post_id', array('m_approve'))) { trigger_error('NOT_AUTHORIZED'); } - $redirect = request_var('redirect', $user->data['session_page']); + $redirect = request_var('redirect', build_url(array('_f_'))); $success_msg = ''; $s_hidden_fields = build_hidden_fields(array( 'i' => 'queue', 'mode' => $mode, 'post_id_list' => $post_id_list, - 'f' => $forum_id, 'action' => 'approve', 'redirect' => $redirect) ); @@ -409,8 +402,8 @@ function approve_post($post_id_list, $mode) // If Topic -> total_topics = total_topics+1, total_posts = total_posts+1, forum_topics = forum_topics+1, forum_posts = forum_posts+1 // If Post -> total_posts = total_posts+1, forum_posts = forum_posts+1, topic_replies = topic_replies+1 - $total_topics = $total_posts = $forum_topics = $forum_posts = 0; - $topic_approve_sql = $topic_replies_sql = $post_approve_sql = $topic_id_list = array(); + $total_topics = $total_posts = 0; + $forum_topics_posts = $topic_approve_sql = $topic_replies_sql = $post_approve_sql = $topic_id_list = $forum_id_list = array(); $update_forum_information = false; @@ -418,13 +411,26 @@ function approve_post($post_id_list, $mode) { $topic_id_list[$post_data['topic_id']] = 1; + if ($post_data['forum_id']) + { + $forum_id_list[$post_data['forum_id']] = 1; + } + // Topic or Post. ;) if ($post_data['topic_first_post_id'] == $post_id) { if ($post_data['forum_id']) { + if (!isset($forum_topics_posts[$post_data['forum_id']])) + { + $forum_topics_posts[$post_data['forum_id']] = array( + 'forum_posts' => 0, + 'forum_topics' => 0 + ); + } + $total_topics++; - $forum_topics++; + $forum_topics_posts[$post_data['forum_id']]['forum_topics']++; } $topic_approve_sql[] = $post_data['topic_id']; @@ -433,18 +439,23 @@ function approve_post($post_id_list, $mode) { if (!isset($topic_replies_sql[$post_data['topic_id']])) { - $topic_replies_sql[$post_data['topic_id']] = 1; - } - else - { - $topic_replies_sql[$post_data['topic_id']]++; + $topic_replies_sql[$post_data['topic_id']] = 0; } + $topic_replies_sql[$post_data['topic_id']]++; } if ($post_data['forum_id']) { + if (!isset($forum_topics_posts[$post_data['forum_id']])) + { + $forum_topics_posts[$post_data['forum_id']] = array( + 'forum_posts' => 0, + 'forum_topics' => 0 + ); + } + $total_posts++; - $forum_posts++; + $forum_topics_posts[$post_data['forum_id']]['forum_posts']++; } $post_approve_sql[] = $post_id; @@ -483,16 +494,19 @@ function approve_post($post_id_list, $mode) } } - if ($forum_topics || $forum_posts) + if (sizeof($forum_topics_posts)) { - $sql = 'UPDATE ' . FORUMS_TABLE . ' - SET '; - $sql .= ($forum_topics) ? "forum_topics = forum_topics + $forum_topics" : ''; - $sql .= ($forum_topics && $forum_posts) ? ', ' : ''; - $sql .= ($forum_posts) ? "forum_posts = forum_posts + $forum_posts" : ''; - $sql .= " WHERE forum_id = $forum_id"; + foreach ($forum_topics_posts as $forum_id => $row) + { + $sql = 'UPDATE ' . FORUMS_TABLE . ' + SET '; + $sql .= ($row['forum_topics']) ? "forum_topics = forum_topics + {$row['forum_topics']}" : ''; + $sql .= ($row['forum_topics'] && $row['forum_posts']) ? ', ' : ''; + $sql .= ($row['forum_posts']) ? "forum_posts = forum_posts + {$row['forum_posts']}" : ''; + $sql .= " WHERE forum_id = $forum_id"; - $db->sql_query($sql); + $db->sql_query($sql); + } } if ($total_topics) @@ -510,9 +524,9 @@ function approve_post($post_id_list, $mode) if ($update_forum_information) { - update_post_information('forum', $forum_id); + update_post_information('forum', array_keys($forum_id_list)); } - unset($topic_id_list); + unset($topic_id_list, $forum_id_list); $messenger = new messenger(); @@ -539,17 +553,16 @@ function approve_post($post_id_list, $mode) 'POST_SUBJECT' => htmlspecialchars_decode(censor_text($post_data['post_subject'])), 'TOPIC_TITLE' => htmlspecialchars_decode(censor_text($post_data['topic_title'])), - 'U_VIEW_TOPIC' => generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t={$post_data['topic_id']}&e=0", - 'U_VIEW_POST' => generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t={$post_data['topic_id']}&p=$post_id&e=$post_id") + 'U_VIEW_TOPIC' => generate_board_url() . "/viewtopic.$phpEx?f={$post_data['forum_id']}&t={$post_data['topic_id']}&e=0", + 'U_VIEW_POST' => generate_board_url() . "/viewtopic.$phpEx?f={$post_data['forum_id']}&t={$post_data['topic_id']}&p=$post_id&e=$post_id") ); $messenger->send($post_data['user_notify_type']); - $messenger->reset(); } - - $messenger->save_queue(); } + $messenger->save_queue(); + // Send out normal user notifications $email_sig = str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']); @@ -558,19 +571,19 @@ function approve_post($post_id_list, $mode) if ($post_id == $post_data['topic_first_post_id'] && $post_id == $post_data['topic_last_post_id']) { // Forum Notifications - user_notification('post', $post_data['topic_title'], $post_data['topic_title'], $post_data['forum_name'], $forum_id, $post_data['topic_id'], $post_id); + user_notification('post', $post_data['topic_title'], $post_data['topic_title'], $post_data['forum_name'], $post_data['forum_id'], $post_data['topic_id'], $post_id); } else { // Topic Notifications - user_notification('reply', $post_data['post_subject'], $post_data['topic_title'], $post_data['forum_name'], $forum_id, $post_data['topic_id'], $post_id); + user_notification('reply', $post_data['post_subject'], $post_data['topic_title'], $post_data['forum_name'], $post_data['forum_id'], $post_data['topic_id'], $post_id); } } unset($post_info); - if ($forum_topics) + if ($total_topics) { - $success_msg = ($forum_topics == 1) ? 'TOPIC_APPROVED_SUCCESS' : 'TOPICS_APPROVED_SUCCESS'; + $success_msg = ($total_topics == 1) ? 'TOPIC_APPROVED_SUCCESS' : 'TOPICS_APPROVED_SUCCESS'; } else { @@ -609,12 +622,12 @@ function disapprove_post($post_id_list, $mode) global $db, $template, $user, $config; global $phpEx, $phpbb_root_path; - if (!($forum_id = check_ids($post_id_list, POSTS_TABLE, 'post_id', 'm_approve'))) + if (!check_ids($post_id_list, POSTS_TABLE, 'post_id', array('m_approve'))) { trigger_error('NOT_AUTHORIZED'); } - $redirect = request_var('redirect', build_url(array('t', 'mode')) . '&mode=unapproved_topics'); + $redirect = request_var('redirect', build_url(array('t', 'mode', '_f_')) . '&mode=unapproved_topics'); $reason = request_var('reason', '', true); $reason_id = request_var('reason_id', 0); $success_msg = $additional_msg = ''; @@ -623,7 +636,6 @@ function disapprove_post($post_id_list, $mode) 'i' => 'queue', 'mode' => $mode, 'post_id_list' => $post_id_list, - 'f' => $forum_id, 'action' => 'disapprove', 'redirect' => $redirect) ); @@ -660,42 +672,52 @@ function disapprove_post($post_id_list, $mode) // If Topic -> forum_topics_real -= 1 // If Post -> topic_replies_real -= 1 - $forum_topics_real = 0; - $topic_replies_real_sql = $post_disapprove_sql = $topic_id_list = array(); + $num_disapproved = 0; + $forum_topics_real = $topic_id_list = $forum_id_list = $topic_replies_real_sql = $post_disapprove_sql = array(); foreach ($post_info as $post_id => $post_data) { $topic_id_list[$post_data['topic_id']] = 1; + if ($post_data['forum_id']) + { + $forum_id_list[$post_data['forum_id']] = 1; + } + // Topic or Post. ;) if ($post_data['topic_first_post_id'] == $post_id && $post_data['topic_last_post_id'] == $post_id) { if ($post_data['forum_id']) { - $forum_topics_real++; + if (!isset($forum_topics_real[$post_data['forum_id']])) + { + $forum_topics_real[$post_data['forum_id']] = 0; + } + $forum_topics_real[$post_data['forum_id']]++; + $num_disapproved++; } } else { if (!isset($topic_replies_real_sql[$post_data['topic_id']])) { - $topic_replies_real_sql[$post_data['topic_id']] = 1; - } - else - { - $topic_replies_real_sql[$post_data['topic_id']]++; + $topic_replies_real_sql[$post_data['topic_id']] = 0; } + $topic_replies_real_sql[$post_data['topic_id']]++; } $post_disapprove_sql[] = $post_id; } - if ($forum_topics_real) + if (sizeof($forum_topics_real)) { - $sql = 'UPDATE ' . FORUMS_TABLE . " - SET forum_topics_real = forum_topics_real - $forum_topics_real - WHERE forum_id = $forum_id"; - $db->sql_query($sql); + foreach ($forum_topics_real as $forum_id => $topics_real) + { + $sql = 'UPDATE ' . FORUMS_TABLE . " + SET forum_topics_real = forum_topics_real - $topics_real + WHERE forum_id = $forum_id"; + $db->sql_query($sql); + } } if (sizeof($topic_replies_real_sql)) @@ -722,8 +744,12 @@ function disapprove_post($post_id_list, $mode) unset($post_disapprove_sql, $topic_replies_real_sql); update_post_information('topic', array_keys($topic_id_list)); - update_post_information('forum', $forum_id); - unset($topic_id_list); + + if (sizeof($forum_id_list)) + { + update_post_information('forum', array_keys($forum_id_list)); + } + unset($topic_id_list, $forum_id_list); $messenger = new messenger(); @@ -753,16 +779,15 @@ function disapprove_post($post_id_list, $mode) ); $messenger->send($post_data['user_notify_type']); - $messenger->reset(); } - - $messenger->save_queue(); } unset($post_info, $disapprove_reason); - if ($forum_topics_real) + $messenger->save_queue(); + + if (sizeof($forum_topics_real)) { - $success_msg = ($forum_topics_real == 1) ? 'TOPIC_DISAPPROVED_SUCCESS' : 'TOPICS_DISAPPROVED_SUCCESS'; + $success_msg = ($num_disapproved == 1) ? 'TOPIC_DISAPPROVED_SUCCESS' : 'TOPICS_DISAPPROVED_SUCCESS'; } else { diff --git a/phpBB/includes/mcp/mcp_reports.php b/phpBB/includes/mcp/mcp_reports.php index ebd1295090..7a84c872a5 100755 --- a/phpBB/includes/mcp/mcp_reports.php +++ b/phpBB/includes/mcp/mcp_reports.php @@ -64,7 +64,7 @@ class mcp_reports // closed reports are accessed by report id $report_id = request_var('r', 0); - $sql = 'SELECT r.post_id, r.user_id, r.report_closed, report_time, r.report_text, rr.reason_title, rr.reason_description, u.username + $sql = 'SELECT r.post_id, r.user_id, r.report_closed, report_time, r.report_text, rr.reason_title, rr.reason_description, u.username, u.user_colour FROM ' . REPORTS_TABLE . ' r, ' . REPORTS_REASONS_TABLE . ' rr, ' . USERS_TABLE . ' u WHERE ' . (($report_id) ? 'r.report_id = ' . $report_id : "r.post_id = $post_id AND r.report_closed = 0") . ' AND rr.reason_id = r.reason_id @@ -107,14 +107,6 @@ class mcp_reports ); } - // Set some vars - if ($post_info['user_id'] == ANONYMOUS) - { - $poster = ($post_info['post_username']) ? $post_info['post_username'] : $user->lang['GUEST']; - } - - $poster = ($post_info['user_colour']) ? '<span style="color:#' . $post_info['user_colour'] . '">' . $post_info['username'] . '</span>' : $post_info['username']; - // Process message, leave it uncensored $message = $post_info['post_text']; $message = str_replace("\n", '<br />', $message); @@ -129,7 +121,7 @@ class mcp_reports $template->assign_vars(array( 'S_MCP_REPORT' => true, - 'S_CLOSE_ACTION' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=reports&p=$post_id&f=$forum_id"), + 'S_CLOSE_ACTION' => $this->u_action . '&p=' . $post_id . 'f=' . $forum_id, 'S_CAN_VIEWIP' => $auth->acl_get('m_info', $post_info['forum_id']), 'S_POST_REPORTED' => $post_info['post_reported'], 'S_POST_UNAPPROVED' => !$post_info['post_approved'], @@ -144,22 +136,28 @@ class mcp_reports 'U_MCP_WARN_REPORTER' => ($auth->acl_getf_global('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_user&u=' . $report['user_id']) : '', 'U_MCP_WARN_USER' => ($auth->acl_getf_global('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_user&u=' . $post_info['user_id']) : '', 'U_VIEW_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&p=' . $post_info['post_id'] . '#p' . $post_info['post_id']), - 'U_VIEW_PROFILE' => ($post_info['user_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $post_info['user_id']) : '', - 'U_VIEW_REPORTER_PROFILE' => ($report['user_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $report['user_id']) : '', 'U_VIEW_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&t=' . $post_info['topic_id']), 'EDIT_IMG' => $user->img('icon_post_edit', $user->lang['EDIT_POST']), 'UNAPPROVED_IMG' => $user->img('icon_topic_unapproved', $user->lang['POST_UNAPPROVED']), - 'RETURN_REPORTS' => sprintf($user->lang['RETURN_REPORTS'], '<a href="' . append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports' . (($post_info['post_reported']) ? '&mode=reports' : '&mode=reports_closed') . '&start=' . $start) . '">', '</a>'), + 'RETURN_REPORTS' => sprintf($user->lang['RETURN_REPORTS'], '<a href="' . append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports' . (($post_info['post_reported']) ? '&mode=reports' : '&mode=reports_closed') . '&start=' . $start . '&f=' . $post_info['forum_id']) . '">', '</a>'), 'REPORTED_IMG' => $user->img('icon_topic_reported', $user->lang['POST_REPORTED']), 'REPORT_REASON_TITLE' => $reason['title'], 'REPORT_REASON_DESCRIPTION' => $reason['description'], - 'REPORTER_NAME' => ($report['user_id'] == ANONYMOUS) ? $user->lang['GUEST'] : $report['username'], 'REPORT_DATE' => $user->format_date($report['report_time']), 'REPORT_TEXT' => $report['report_text'], - 'POSTER_NAME' => $poster, + 'POST_AUTHOR_FULL' => get_username_string('full', $post_info['user_id'], $post_info['username'], $post_info['user_colour'], $post_info['post_username']), + 'POST_AUTHOR_COLOUR' => get_username_string('colour', $post_info['user_id'], $post_info['username'], $post_info['user_colour'], $post_info['post_username']), + 'POST_AUTHOR' => get_username_string('username', $post_info['user_id'], $post_info['username'], $post_info['user_colour'], $post_info['post_username']), + 'U_POST_AUTHOR' => get_username_string('profile', $post_info['user_id'], $post_info['username'], $post_info['user_colour'], $post_info['post_username']), + + 'REPORTER_FULL' => get_username_string('full', $report['user_id'], $report['username'], $report['user_colour']), + 'REPORTER_COLOUR' => get_username_string('colour', $report['user_id'], $report['username'], $report['user_colour']), + 'REPORTER_NAME' => get_username_string('username', $report['user_id'], $report['username'], $report['user_colour']), + 'U_VIEW_REPORTER_PROFILE' => get_username_string('profile', $report['user_id'], $report['username'], $report['user_colour']), + 'POST_PREVIEW' => $message, 'POST_SUBJECT' => $post_info['post_subject'], 'POST_DATE' => $user->format_date($post_info['post_time']), @@ -281,7 +279,7 @@ class mcp_reports if (sizeof($report_ids)) { - $sql = 'SELECT t.forum_id, t.topic_id, t.topic_title, p.post_id, p.post_subject, p.post_username, p.poster_id, p.post_time, u.username, r.user_id as reporter_id, ru.username as reporter_name, r.report_time, r.report_id + $sql = 'SELECT t.forum_id, t.topic_id, t.topic_title, p.post_id, p.post_subject, p.post_username, p.poster_id, p.post_time, u.username, u.user_colour, r.user_id as reporter_id, ru.username as reporter_name, ru.user_colour as reporter_colour, r.report_time, r.report_id FROM ' . REPORTS_TABLE . ' r, ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . ' u, ' . USERS_TABLE . ' ru WHERE ' . $db->sql_in_set('r.report_id', $report_ids) . ' AND t.topic_id = p.topic_id @@ -293,15 +291,6 @@ class mcp_reports $report_data = $rowset = array(); while ($row = $db->sql_fetchrow($result)) { - if ($row['poster_id'] == ANONYMOUS) - { - $poster = (!empty($row['post_username'])) ? $row['post_username'] : $user->lang['GUEST']; - } - else - { - $poster = $row['username']; - } - $global_topic = ($row['forum_id']) ? false : true; if ($global_topic) { @@ -312,15 +301,21 @@ class mcp_reports 'U_VIEWFORUM' => (!$global_topic) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : '', 'U_VIEWPOST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&p=' . $row['post_id']) . '#p' . $row['post_id'], 'U_VIEW_DETAILS' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=reports&start=$start&mode=report_details&f={$row['forum_id']}&r={$row['report_id']}"), - 'U_VIEW_POSTER_PROFILE' => ($row['poster_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['poster_id']) : '', - 'U_VIEW_REPORTER_PROFILE' => ($row['reporter_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['reporter_id']) : '', + + 'POST_AUTHOR_FULL' => get_username_string('full', $row['poster_id'], $row['username'], $row['user_colour'], $row['post_username']), + 'POST_AUTHOR_COLOUR' => get_username_string('colour', $row['poster_id'], $row['username'], $row['user_colour'], $row['post_username']), + 'POST_AUTHOR' => get_username_string('username', $row['poster_id'], $row['username'], $row['user_colour'], $row['post_username']), + 'U_POST_AUTHOR' => get_username_string('profile', $row['poster_id'], $row['username'], $row['user_colour'], $row['post_username']), + + 'REPORTER_FULL' => get_username_string('full', $row['reporter_id'], $row['reporter_name'], $row['reporter_colour']), + 'REPORTER_COLOUR' => get_username_string('colour', $row['reporter_id'], $row['reporter_name'], $row['reporter_colour']), + 'REPORTER' => get_username_string('username', $row['reporter_id'], $row['reporter_name'], $row['reporter_colour']), + 'U_REPORTER' => get_username_string('profile', $row['reporter_id'], $row['reporter_name'], $row['reporter_colour']), 'FORUM_NAME' => (!$global_topic) ? $forum_data[$row['forum_id']]['forum_name'] : $user->lang['GLOBAL_ANNOUNCEMENT'], - 'POSTER' => $poster, 'POST_ID' => $row['post_id'], 'POST_SUBJECT' => $row['post_subject'], 'POST_TIME' => $user->format_date($row['post_time']), - 'REPORTER' => ($row['reporter_id'] == ANONYMOUS) ? $user->lang['GUEST'] : $row['reporter_name'], 'REPORT_TIME' => $user->format_date($row['report_time']), 'TOPIC_TITLE' => $row['topic_title']) ); @@ -335,7 +330,7 @@ class mcp_reports 'L_TITLE' => ($mode == 'reports') ? $user->lang['MCP_REPORTS_OPEN'] : $user->lang['MCP_REPORTS_CLOSED'], 'L_ONLY_TOPIC' => ($topic_id) ? sprintf($user->lang['ONLY_TOPIC'], $topic_info['topic_title']) : '', - 'S_MCP_ACTION' => build_url(array('t', 'f', 'sd', 'st', 'sk')), + 'S_MCP_ACTION' => $this->u_action, 'S_FORUM_OPTIONS' => $forum_options, 'S_CLOSED' => ($mode == 'reports_closed') ? true : false, @@ -359,18 +354,22 @@ function close_report($post_id_list, $mode, $action) global $db, $template, $user, $config; global $phpEx, $phpbb_root_path; - if (!($forum_id = check_ids($post_id_list, POSTS_TABLE, 'post_id', 'm_report'))) + if (!check_ids($post_id_list, POSTS_TABLE, 'post_id', array('m_report'))) { trigger_error('NOT_AUTHORIZED'); } if ($action == 'delete' && strpos($user->data['session_page'], 'mode=report_details') !== false) { - $redirect = request_var('redirect', build_url(array('mode')) . '&mode=reports'); + $redirect = request_var('redirect', build_url(array('mode', '_f_', 'r')) . '&mode=reports'); + } + else if ($action == 'close' && !request_var('r', 0)) + { + $redirect = request_var('redirect', build_url(array('mode', '_f_', 'p')) . '&mode=reports'); } else { - $redirect = request_var('redirect', $user->data['session_page']); + $redirect = request_var('redirect', build_url(array('_f_'))); } $success_msg = ''; @@ -378,7 +377,6 @@ function close_report($post_id_list, $mode, $action) 'i' => 'reports', 'mode' => $mode, 'post_id_list' => $post_id_list, - 'f' => $forum_id, 'action' => $action, 'redirect' => $redirect) ); @@ -496,13 +494,12 @@ function close_report($post_id_list, $mode, $action) ); $messenger->send($reporter['user_notify_type']); - $messenger->reset(); } - - $messenger->save_queue(); } unset($notify_reporters, $post_info); + $messenger->save_queue(); + $success_msg = (sizeof($post_id_list) == 1) ? 'REPORT_' . strtoupper($action) . 'D_SUCCESS' : 'REPORTS_' . strtoupper($action) . 'D_SUCCESS'; } else diff --git a/phpBB/includes/mcp/mcp_topic.php b/phpBB/includes/mcp/mcp_topic.php index 3b674139e9..ae4ed9850c 100644 --- a/phpBB/includes/mcp/mcp_topic.php +++ b/phpBB/includes/mcp/mcp_topic.php @@ -32,14 +32,12 @@ function mcp_topic_view($id, $mode, $action) // Set up some vars $icon_id = request_var('icon', 0); - $subject = request_var('subject', '', true); + $subject = utf8_normalize_nfc(request_var('subject', '', true)); $start = request_var('start', 0); $to_topic_id = request_var('to_topic_id', 0); $to_forum_id = request_var('to_forum_id', 0); $post_id_list = request_var('post_id_list', array(0)); - utf8_normalize_nfc(&$subject); - // Split Topic? if ($action == 'split_all' || $action == 'split_beyond') { @@ -83,10 +81,11 @@ function mcp_topic_view($id, $mode, $action) $sql = 'SELECT u.username, u.user_colour, p.* FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u - WHERE ' . (($action == 'reports') ? 'p.post_reported = 1 AND ' : '') . " - p.topic_id = {$topic_id} + WHERE ' . (($action == 'reports') ? 'p.post_reported = 1 AND ' : '') . ' + p.topic_id = ' . $topic_id . ' ' . + ((!$auth->acl_get('m_approve', $topic_info['forum_id'])) ? ' AND p.post_approved = 1 ' : '') . ' AND p.poster_id = u.user_id - ORDER BY $sort_order_sql"; + ORDER BY ' . $sort_order_sql; $result = $db->sql_query_limit($sql, $posts_per_page, $start); $rowset = array(); @@ -107,8 +106,6 @@ function mcp_topic_view($id, $mode, $action) foreach ($rowset as $i => $row) { $has_unapproved_posts = false; - $poster = ($row['poster_id'] != ANONYMOUS) ? $row['username'] : ((!$row['post_username']) ? $user->lang['GUEST'] : $row['post_username']); - $poster = ($row['user_colour']) ? '<span style="color:#' . $row['user_colour'] . '">' . $poster . '</span>' : $poster; $message = $row['post_text']; $post_subject = ($row['post_subject'] != '') ? $row['post_subject'] : $topic_info['topic_title']; @@ -127,7 +124,11 @@ function mcp_topic_view($id, $mode, $action) } $template->assign_block_vars('postrow', array( - 'POSTER_NAME' => $poster, + 'POST_AUTHOR_FULL' => get_username_string('full', $row['poster_id'], $row['username'], $row['user_colour'], $row['post_username']), + 'POST_AUTHOR_COLOUR' => get_username_string('colour', $row['poster_id'], $row['username'], $row['user_colour'], $row['post_username']), + 'POST_AUTHOR' => get_username_string('username', $row['poster_id'], $row['username'], $row['user_colour'], $row['post_username']), + 'U_POST_AUTHOR' => get_username_string('profile', $row['poster_id'], $row['username'], $row['user_colour'], $row['post_username']), + 'POST_DATE' => $user->format_date($row['post_time']), 'POST_SUBJECT' => $post_subject, 'MESSAGE' => $message, @@ -141,8 +142,8 @@ function mcp_topic_view($id, $mode, $action) 'S_CHECKED' => ($post_id_list && in_array(intval($row['post_id']), $post_id_list)) ? true : false, 'U_POST_DETAILS' => "$url&i=$id&p={$row['post_id']}&mode=post_details", - 'U_MCP_APPROVE' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=approve_details&f=' . $topic_info['forum_id'] . '&p=' . $row['post_id']), - 'U_MCP_REPORT' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=report_details&f=' . $topic_info['forum_id'] . '&p=' . $row['post_id'])) + 'U_MCP_APPROVE' => ($auth->acl_get('m_approve', $topic_info['forum_id'])) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=approve_details&f=' . $topic_info['forum_id'] . '&p=' . $row['post_id']) : '', + 'U_MCP_REPORT' => ($auth->acl_get('m_report', $topic_info['forum_id'])) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=report_details&f=' . $topic_info['forum_id'] . '&p=' . $row['post_id']) : '') ); unset($rowset[$i]); @@ -179,7 +180,7 @@ function mcp_topic_view($id, $mode, $action) $template->assign_vars(array( 'TOPIC_TITLE' => $topic_info['topic_title'], - 'U_VIEWTOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $topic_info['forum_id'] . '&t=' . $topic_info['topic_id']), + 'U_VIEW_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $topic_info['forum_id'] . '&t=' . $topic_info['topic_id']), 'TO_TOPIC_ID' => $to_topic_id, 'TO_TOPIC_INFO' => ($to_topic_id) ? sprintf($user->lang['YOU_SELECTED_TOPIC'], $to_topic_id, '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $to_topic_info['forum_id'] . '&t=' . $to_topic_id) . '">' . $to_topic_info['topic_title'] . '</a>') : '', @@ -198,6 +199,7 @@ function mcp_topic_view($id, $mode, $action) 'S_CAN_DELETE' => ($auth->acl_get('m_delete', $topic_info['forum_id'])) ? true : false, 'S_CAN_APPROVE' => ($has_unapproved_posts && $auth->acl_get('m_approve', $topic_info['forum_id'])) ? true : false, 'S_CAN_LOCK' => ($auth->acl_get('m_lock', $topic_info['forum_id'])) ? true : false, + 'S_CAN_REPORT' => ($auth->acl_get('m_report', $topic_info['forum_id'])) ? true : false, 'S_REPORT_VIEW' => ($action == 'reports') ? true : false, 'S_MERGE_VIEW' => ($action == 'merge') ? true : false, @@ -223,6 +225,7 @@ function split_topic($action, $topic_id, $to_forum_id, $subject) global $db, $template, $user, $phpEx, $phpbb_root_path, $auth; $post_id_list = request_var('post_id_list', array(0)); + $forum_id = request_var('forum_id', 0); $start = request_var('start', 0); if (!sizeof($post_id_list)) @@ -231,7 +234,7 @@ function split_topic($action, $topic_id, $to_forum_id, $subject) return; } - if (!($forum_id = check_ids($post_id_list, POSTS_TABLE, 'post_id', 'm_split'))) + if (!check_ids($post_id_list, POSTS_TABLE, 'post_id', array('m_split'))) { return; } @@ -430,7 +433,7 @@ function merge_posts($topic_id, $to_topic_id) return; } - if (!($forum_id = check_ids($post_id_list, POSTS_TABLE, 'post_id', 'm_merge'))) + if (!check_ids($post_id_list, POSTS_TABLE, 'post_id', array('m_merge'))) { return; } @@ -445,7 +448,6 @@ function merge_posts($topic_id, $to_topic_id) 'action' => 'merge_posts', 'start' => $start, 'redirect' => $redirect, - 'f' => $forum_id, 't' => $topic_id) ); $success_msg = $return_link = ''; @@ -465,7 +467,7 @@ function merge_posts($topic_id, $to_topic_id) if (sizeof($topic_data)) { - $return_link .= sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $forum_id . '&t=' . $topic_id) . '">', '</a>'); + $return_link .= sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $topic_data['forum_id'] . '&t=' . $topic_id) . '">', '</a>'); } // Link to the new topic diff --git a/phpBB/includes/mcp/mcp_warn.php b/phpBB/includes/mcp/mcp_warn.php index da76dc8b58..ef8d0132fc 100755 --- a/phpBB/includes/mcp/mcp_warn.php +++ b/phpBB/includes/mcp/mcp_warn.php @@ -88,9 +88,12 @@ function mcp_warn_front_view($id, $mode) { $template->assign_block_vars('highest', array( 'U_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $row['user_id']), - 'U_USER' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['user_id']), - 'USERNAME' => $row['username'], + 'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']), + 'USERNAME' => $row['username'], + 'USERNAME_COLOUR' => ($row['user_colour']) ? '#' . $row['user_colour'] : '', + 'U_USER' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['user_id']), + 'WARNING_TIME' => $user->format_date($row['user_last_warning']), 'WARNINGS' => $row['user_warnings'], ) @@ -99,7 +102,7 @@ function mcp_warn_front_view($id, $mode) // And now the 5 most recent users to get in trouble - $sql = 'SELECT u.user_id, u.username, u.user_warnings, w.warning_time + $sql = 'SELECT u.user_id, u.username, u.user_colour, u.user_warnings, w.warning_time FROM ' . USERS_TABLE . ' u, ' . WARNINGS_TABLE . ' w WHERE u.user_id = w.user_id ORDER BY w.warning_time DESC'; @@ -109,9 +112,12 @@ function mcp_warn_front_view($id, $mode) { $template->assign_block_vars('latest', array( 'U_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $row['user_id']), - 'U_USER' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['user_id']), - 'USERNAME' => $row['username'], + 'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']), + 'USERNAME' => $row['username'], + 'USERNAME_COLOUR' => ($row['user_colour']) ? '#' . $row['user_colour'] : '', + 'U_USER' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['user_id']), + 'WARNING_TIME' => $user->format_date($row['warning_time']), 'WARNINGS' => $row['user_warnings'], ) @@ -137,7 +143,7 @@ function mcp_warn_list_view($id, $mode, $action) $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('a' => $user->lang['SORT_USERNAME'], 'b' => $user->lang['SORT_DATE'], 'c' => $user->lang['SORT_WARNINGS']); - $sort_by_sql = array('a' => 'username', 'b' => 'user_last_warning', 'c' => 'user_warnings'); + $sort_by_sql = array('a' => 'username_clean', 'b' => 'user_last_warning', 'c' => 'user_warnings'); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $st, $sk, $sd, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); @@ -155,9 +161,12 @@ function mcp_warn_list_view($id, $mode, $action) { $template->assign_block_vars('user', array( 'U_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $row['user_id']), - 'U_USER' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['user_id']), - 'USERNAME' => $row['username'], + 'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']), + 'USERNAME' => $row['username'], + 'USERNAME_COLOUR' => ($row['user_colour']) ? '#' . $row['user_colour'] : '', + 'U_USER' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['user_id']), + 'WARNING_TIME' => $user->format_date($row['user_last_warning']), 'WARNINGS' => $row['user_warnings'], ) @@ -266,6 +275,7 @@ function mcp_warn_post_view($id, $mode, $action) // get_user_rank($userrow['user_rank'], $userrow['user_posts'], $rank_title, $rank_img); $avatar_img = ''; + if (!empty($userrow['user_avatar'])) { switch ($userrow['user_avatar_type']) @@ -278,8 +288,8 @@ function mcp_warn_post_view($id, $mode, $action) $avatar_img = $config['avatar_gallery_path'] . '/'; break; } - $avatar_img .= $userrow['user_avatar']; + $avatar_img .= $userrow['user_avatar']; $avatar_img = '<img src="' . $avatar_img . '" width="' . $userrow['user_avatar_width'] . '" height="' . $userrow['user_avatar_height'] . '" alt="" />'; } @@ -350,6 +360,7 @@ function mcp_warn_user_view($id, $mode, $action) // get_user_rank($userrow['user_rank'], $userrow['user_posts'], $rank_title, $rank_img); $avatar_img = ''; + if (!empty($userrow['user_avatar'])) { switch ($userrow['user_avatar_type']) @@ -362,8 +373,8 @@ function mcp_warn_user_view($id, $mode, $action) $avatar_img = $config['avatar_gallery_path'] . '/'; break; } - $avatar_img .= $userrow['user_avatar']; + $avatar_img .= $userrow['user_avatar']; $avatar_img = '<img src="' . $avatar_img . '" width="' . $userrow['user_avatar_width'] . '" height="' . $userrow['user_avatar_height'] . '" alt="" />'; } diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 6538bd7721..797c2f5cfd 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -86,10 +86,13 @@ class bbcode_firstpass extends bbcode // Add newline at the end and in front of each quote block to prevent parsing errors (urls, smilies, etc.) if (strpos($this->message, '[quote') !== false) { - $in = str_replace("\r\n", "\n", $this->message); + $this->message = str_replace("\r\n", "\n", $this->message); - $this->message = preg_replace(array('#\[quote(=".*?")?\]([^\n])#is', '#([^\n])\[\/quote\]#is'), array("[quote\\1]\n\\2", "\\1\n[/quote]"), $this->message); - $this->message = preg_replace(array('#\[quote(=".*?")?\]([^\n])#is', '#([^\n])\[\/quote\]#is'), array("[quote\\1]\n\\2", "\\1\n[/quote]"), $this->message); + // We strip newlines and spaces after and before quotes in quotes (trimming) + $this->message = preg_replace(array('#\[quote(=".*?")?\]([\s|\n]+)#ius', '#([\s|\n]+)\[\/quote\]#ius'), array("[quote\\1]", "[/quote]"), $this->message); + + // Now we add exactly one newline + $this->message = preg_replace(array('#\[quote(=".*?")?\]#is', '#\[\/quote\]#is'), array("[quote\\1]\n", "\n[/quote]"), $this->message); } // Add other checks which needs to be placed before actually parsing anything (be it bbcodes, smilies, urls...) @@ -442,7 +445,7 @@ class bbcode_firstpass extends bbcode } $code = preg_replace('#^<span class="[a-z]+"><span class="([a-z]+)">(.*)</span></span>#s', '<span class="$1">$2</span>', $code); - $code = preg_replace('#(?:[\n\r\s\t]| )*</span>$#', '</span>', $code); + $code = preg_replace('#(?:[\n\r\s\t]| )*</span>$#u', '</span>', $code); // remove newline at the end if (!empty($code) && $code{strlen($code)-1} == "\n") @@ -600,7 +603,7 @@ class bbcode_firstpass extends bbcode $pos = strlen($in); for ($i = 0, $tok_len = strlen($tok); $i < $tok_len; ++$i) { - $tmp_pos = strpos($in, $tok{$i}); + $tmp_pos = strpos($in, $tok[$i]); if ($tmp_pos !== false && $tmp_pos < $pos) { $pos = $tmp_pos; @@ -608,7 +611,7 @@ class bbcode_firstpass extends bbcode } $buffer .= substr($in, 0, $pos); - $tok = $in{$pos}; + $tok = $in[$pos]; $in = substr($in, $pos + 1); if ($tok == ']') @@ -616,10 +619,15 @@ class bbcode_firstpass extends bbcode if ($buffer == '/quote' && sizeof($close_tags)) { // we have found a closing tag - // Add space at the end of the closing tag to allow following urls/smilies to be parsed correctly - $out .= array_pop($close_tags) . '] '; + $out .= array_pop($close_tags) . ']'; $tok = '['; $buffer = ''; + + // Add space at the end of the closing tag if not happened before to allow following urls/smilies to be parsed correctly + if (!$in || $in[0] !== ' ') + { + $out .= ' '; + } } else if (preg_match('#^quote(?:="(.*?)")?$#is', $buffer, $m)) { @@ -656,14 +664,7 @@ class bbcode_firstpass extends bbcode else { $end_tag = array_pop($end_tags); - if ($end_tag != $tag) - { - $error = true; - } - else - { - $error = false; - } + $error = ($end_tag != $tag) ? true : false; } } @@ -696,9 +697,35 @@ class bbcode_firstpass extends bbcode } else { +/** +* Old quote code working fine, but having errors listed in bug #3572 +* +* $out .= $buffer . $tok; +* $tok = ($tok == '[') ? ']' : '[]'; +* $buffer = ''; +*/ + $out .= $buffer . $tok; - // $tok = ($tok == '[') ? ']' : '[]'; - $tok = '[]'; + + if ($tok == '[') + { + // Search the text for the next tok... if an ending quote comes first, then change tok to [] + $pos1 = strpos($in, '[/quote'); + $pos2 = strpos($in, ']'); + + if ($pos1 !== false && ($pos2 === false || $pos1 < $pos2)) + { + $tok = '[]'; + } + else + { + $tok = ']'; + } + } + else + { + $tok = '[]'; + } $buffer = ''; } } @@ -906,14 +933,14 @@ class parse_message extends bbcode_firstpass // Do some general 'cleanup' first before processing message, // e.g. remove excessive newlines(?), smilies(?) // Transform \r\n and \r into \n - $match = array('#\r\n?#', "#([\n][\s]+){3,}#", '#(script|about|applet|activex|chrome):#i'); + $match = array('#\r\n?#', "#([\n][\s]+){3,}#u", '#(script|about|applet|activex|chrome):#i'); $replace = array("\n", "\n\n", "\\1:"); $this->message = preg_replace($match, $replace, trim($this->message)); // Message length check. -1 disables this check completely. if ($config['max_' . $mode . '_chars'] != -1) { - $msg_len = ($mode == 'post') ? utf8_strlen($this->message) : utf8_strlen(preg_replace('#\[\/?[a-z\*\+\-]+(=[\S]+)?\]#is', ' ', $this->message)); + $msg_len = ($mode == 'post') ? utf8_strlen($this->message) : utf8_strlen(preg_replace('#\[\/?[a-z\*\+\-]+(=[\S]+)?\]#ius', ' ', $this->message)); if ((!$msg_len && $mode !== 'sig') || $config['max_' . $mode . '_chars'] && $msg_len > $config['max_' . $mode . '_chars']) { @@ -1138,8 +1165,7 @@ class parse_message extends bbcode_firstpass $error = array(); $num_attachments = sizeof($this->attachment_data); - $this->filename_data['filecomment'] = request_var('filecomment', '', true); - utf8_normalize_nfc(&$this->filename_data['filecomment']); + $this->filename_data['filecomment'] = utf8_normalize_nfc(request_var('filecomment', '', true)); $upload_file = (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none' && trim($_FILES[$form_name]['name'])) ? true : false; $add_file = (isset($_POST['add_file'])) ? true : false; @@ -1256,8 +1282,7 @@ class parse_message extends bbcode_firstpass { if ($edit_comment) { - $actual_comment_list = request_var('comment_list', array(''), true); - utf8_normalize_nfc(&$actual_comment_list); + $actual_comment_list = utf8_normalize_nfc(request_var('comment_list', array(''), true)); $edit_comment = request_var('edit_comment', array(0 => '')); $edit_comment = key($edit_comment); @@ -1322,8 +1347,7 @@ class parse_message extends bbcode_firstpass { global $user, $db, $phpbb_root_path, $phpEx, $config; - $this->filename_data['filecomment'] = request_var('filecomment', '', true); - utf8_normalize_nfc(&$this->filename_data['filecomment']); + $this->filename_data['filecomment'] = utf8_normalize_nfc(request_var('filecomment', '', true)); $attachment_data = (isset($_POST['attachment_data'])) ? $_POST['attachment_data'] : array(); $this->attachment_data = array(); diff --git a/phpBB/includes/search/fulltext_mysql.php b/phpBB/includes/search/fulltext_mysql.php index 755bd5b814..8a102a321d 100644 --- a/phpBB/includes/search/fulltext_mysql.php +++ b/phpBB/includes/search/fulltext_mysql.php @@ -103,9 +103,9 @@ class fulltext_mysql extends search_backend * Splits keywords entered by a user into an array of words stored in $this->split_words * Stores the tidied search query in $this->search_query * - * @param string $keywords Contains the keyword as entered by the user + * @param string &$keywords Contains the keyword as entered by the user * @param string $terms is either 'all' or 'any' - * @return false if no valid keywords were found and otherwise true + * @return bool false if no valid keywords were found and otherwise true */ function split_keywords(&$keywords, $terms) { @@ -116,7 +116,7 @@ class fulltext_mysql extends search_backend if ($terms == 'all') { - $match = array('#\sand\s#i', '#\sor\s#i', '#\snot\s#i', '#\+#', '#-#', '#\|#'); + $match = array('#\sand\s#iu', '#\sor\s#iu', '#\snot\s#iu', '#\+#', '#-#', '#\|#'); $replace = array(' +', ' |', ' -', ' +', ' -', ' |'); $keywords = preg_replace($match, $replace, $keywords); @@ -215,7 +215,7 @@ class fulltext_mysql extends search_backend /** * Performs a search on keywords depending on display specific params. * - * @param array $id_ary passed by reference, to be filled with ids for the page specified by $start and $per_page, should be ordered + * @param array &$id_ary passed by reference, to be filled with ids for the page specified by $start and $per_page, should be ordered * @param int $start indicates the first index of the page * @param int $per_page number of ids each page is supposed to contain * @return total number of results @@ -412,7 +412,7 @@ class fulltext_mysql extends search_backend /** * Performs a search on an author's posts without caring about message contents. Depends on display specific params * - * @param array $id_ary passed by reference, to be filled with ids for the page specified by $start and $per_page, should be ordered + * @param array &$id_ary passed by reference, to be filled with ids for the page specified by $start and $per_page, should be ordered * @param int $start indicates the first index of the page * @param int $per_page number of ids each page is supposed to contain * @return total number of results diff --git a/phpBB/includes/search/fulltext_native.php b/phpBB/includes/search/fulltext_native.php index b47076228a..df000f5e04 100755 --- a/phpBB/includes/search/fulltext_native.php +++ b/phpBB/includes/search/fulltext_native.php @@ -39,7 +39,7 @@ class fulltext_native extends search_backend /** * Initialises the fulltext_native search backend with min/max word length and makes sure the UTF-8 normalizer is loaded. * - * @param boolean|string $error is passed by reference and should either be set to false on success or an error message on failure. + * @param boolean|string &$error is passed by reference and should either be set to false on success or an error message on failure. * * @access public */ @@ -173,7 +173,7 @@ class fulltext_native extends search_backend { $words = array(); - preg_match_all('#([^\\s+\\-|()]+)(?:$|[\\s+\\-|()])#', $keywords, $words); + preg_match_all('#([^\\s+\\-|()]+)(?:$|[\\s+\\-|()])#u', $keywords, $words); if (sizeof($words[1])) { $keywords = '(' . implode('|', $words[1]) . ')'; @@ -184,7 +184,7 @@ class fulltext_native extends search_backend $this->search_query = $keywords; $exact_words = array(); - preg_match_all('#([^\\s+\\-|*()]+)(?:$|[\\s+\\-|()])#', $keywords, $exact_words); + preg_match_all('#([^\\s+\\-|*()]+)(?:$|[\\s+\\-|()])#u', $keywords, $exact_words); $exact_words = $exact_words[1]; if (sizeof($exact_words)) @@ -341,17 +341,17 @@ class fulltext_native extends search_backend * Performs a search on keywords depending on display specific params. You have to run split_keywords() first. * * @param string $type contains either posts or topics depending on what should be searched for - * @param string $fields contains either titleonly (topic titles should be searched), msgonly (only message bodies should be searched), firstpost (only subject and body of the first post should be searched) or all (all post bodies and subjects should be searched) - * @param string $terms is either 'all' (use query as entered, words without prefix should default to "have to be in field") or 'any' (ignore search query parts and just return all posts that contain any of the specified words) - * @param array $sort_by_sql contains SQL code for the ORDER BY part of a query - * @param string $sort_key is the key of $sort_by_sql for the selected sorting - * @param string $sort_dir is either a or d representing ASC and DESC - * @param string $sort_days specifies the maximum amount of days a post may be old - * @param array $ex_fid_ary specifies an array of forum ids which should not be searched - * @param array $m_approve_fid_ary specifies an array of forum ids in which the searcher is allowed to view unapproved posts - * @param int $topic_id is set to 0 or a topic id, if it is not 0 then only posts in this topic should be searched - * @param array $author_ary an array of author ids if the author should be ignored during the search the array is empty - * @param array $id_ary passed by reference, to be filled with ids for the page specified by $start and $per_page, should be ordered + * @param string &$fields contains either titleonly (topic titles should be searched), msgonly (only message bodies should be searched), firstpost (only subject and body of the first post should be searched) or all (all post bodies and subjects should be searched) + * @param string &$terms is either 'all' (use query as entered, words without prefix should default to "have to be in field") or 'any' (ignore search query parts and just return all posts that contain any of the specified words) + * @param array &$sort_by_sql contains SQL code for the ORDER BY part of a query + * @param string &$sort_key is the key of $sort_by_sql for the selected sorting + * @param string &$sort_dir is either a or d representing ASC and DESC + * @param string &$sort_days specifies the maximum amount of days a post may be old + * @param array &$ex_fid_ary specifies an array of forum ids which should not be searched + * @param array &$m_approve_fid_ary specifies an array of forum ids in which the searcher is allowed to view unapproved posts + * @param int &$topic_id is set to 0 or a topic id, if it is not 0 then only posts in this topic should be searched + * @param array &$author_ary an array of author ids if the author should be ignored during the search the array is empty + * @param array &$id_ary passed by reference, to be filled with ids for the page specified by $start and $per_page, should be ordered * @param int $start indicates the first index of the page * @param int $per_page number of ids each page is supposed to contain * @return boolean|int total number of results @@ -701,15 +701,15 @@ class fulltext_native extends search_backend * Performs a search on an author's posts without caring about message contents. Depends on display specific params * * @param string $type contains either posts or topics depending on what should be searched for - * @param array $sort_by_sql contains SQL code for the ORDER BY part of a query - * @param string $sort_key is the key of $sort_by_sql for the selected sorting - * @param string $sort_dir is either a or d representing ASC and DESC - * @param string $sort_days specifies the maximum amount of days a post may be old - * @param array $ex_fid_ary specifies an array of forum ids which should not be searched - * @param array $m_approve_fid_ary specifies an array of forum ids in which the searcher is allowed to view unapproved posts - * @param int $topic_id is set to 0 or a topic id, if it is not 0 then only posts in this topic should be searched - * @param array $author_ary an array of author ids - * @param array $id_ary passed by reference, to be filled with ids for the page specified by $start and $per_page, should be ordered + * @param array &$sort_by_sql contains SQL code for the ORDER BY part of a query + * @param string &$sort_key is the key of $sort_by_sql for the selected sorting + * @param string &$sort_dir is either a or d representing ASC and DESC + * @param string &$sort_days specifies the maximum amount of days a post may be old + * @param array &$ex_fid_ary specifies an array of forum ids which should not be searched + * @param array &$m_approve_fid_ary specifies an array of forum ids in which the searcher is allowed to view unapproved posts + * @param int &$topic_id is set to 0 or a topic id, if it is not 0 then only posts in this topic should be searched + * @param array &$author_ary an array of author ids + * @param array &$id_ary passed by reference, to be filled with ids for the page specified by $start and $per_page, should be ordered * @param int $start indicates the first index of the page * @param int $per_page number of ids each page is supposed to contain * @return boolean|int total number of results @@ -996,8 +996,8 @@ class fulltext_native extends search_backend * * @param string $mode Contains the post mode: edit, post, reply, quote * @param int $post_id The id of the post which is modified/created - * @param string $message New or updated post content - * @param string $subject New or updated post subject + * @param string &$message New or updated post content + * @param string &$subject New or updated post subject * @param int $poster_id Post author's user id * @param int $forum_id The id of the forum in which the post is located * @@ -1296,6 +1296,8 @@ class fulltext_native extends search_backend * @param string $allowed_chars String of special chars to allow * @param string $encoding Text encoding * @return string Cleaned up text, only alphanumeric chars are left + * + * @todo normalizer::cleanup being able to be used? */ function cleanup($text, $allowed_chars = null, $encoding = 'utf-8') { @@ -1303,9 +1305,7 @@ class fulltext_native extends search_backend static $conv = array(), $conv_loaded = array(); $words = $allow = array(); - /** - * Convert the text to UTF-8 - */ + // Convert the text to UTF-8 $encoding = strtolower($encoding); if ($encoding != 'utf-8') { @@ -1330,7 +1330,7 @@ class fulltext_native extends search_backend * If we use it more widely, an instance of that class should be held in a * a global variable instead */ - $text = utf_normalizer::nfc($text); + utf_normalizer::nfc($text); /** * The first thing we do is: diff --git a/phpBB/includes/search/search.php b/phpBB/includes/search/search.php index 4c8387bd22..ee9fa0ea98 100755 --- a/phpBB/includes/search/search.php +++ b/phpBB/includes/search/search.php @@ -89,8 +89,8 @@ class search_backend /** * Retrieves cached search results * - * @param int result_count will contain the number of all results for the search (not only for the current page) - * @param array id_ary is filled with the ids belonging to the requested page that are stored in the cache + * @param int &$result_count will contain the number of all results for the search (not only for the current page) + * @param array &$id_ary is filled with the ids belonging to the requested page that are stored in the cache * * @return int SEARCH_RESULT_NOT_IN_CACHE or SEARCH_RESULT_IN_CACHE or SEARCH_RESULT_INCOMPLETE */ @@ -151,7 +151,7 @@ class search_backend /** * Caches post/topic ids * - * @param array id_ary contains a list of post or topic ids that shall be cached, the first element + * @param array &$id_ary contains a list of post or topic ids that shall be cached, the first element * must have the absolute index $start in the result set. */ function save_ids($search_key, $keywords, $author_ary, $result_count, &$id_ary, $start, $sort_dir) diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index b69bcc5f44..ad6a049a65 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -140,7 +140,7 @@ class session { global $phpEx, $SID, $_SID, $db, $config, $phpbb_root_path; - // Give us some basic informations + // Give us some basic information $this->time_now = time(); $this->cookie_data = array('u' => 0, 'k' => ''); $this->update_session_page = $update_session_page; @@ -450,7 +450,6 @@ class session $this->check_ban($this->data['user_id'], $this->ip); } - $this->data['is_registered'] = (!$bot && $this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false; $this->data['is_bot'] = ($bot) ? true : false; @@ -471,6 +470,8 @@ class session // Only update session DB a minute or so after last update or if page changes if ($this->time_now - $this->data['session_time'] > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page'])) { + $this->data['session_time'] = $this->data['session_last_visit'] = $this->time_now; + $sql_ary = array('session_time' => $this->time_now, 'session_last_visit' => $this->time_now, 'session_admin' => 0); if ($this->update_session_page) @@ -481,6 +482,12 @@ class session $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " WHERE session_id = '" . $db->sql_escape($this->session_id) . "'"; $db->sql_query($sql); + + // Update the last visit time + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_lastvisit = ' . (int) $this->data['session_time'] . ' + WHERE user_id = ' . (int) $this->data['user_id']; + $db->sql_query($sql); } $SID = '?sid='; @@ -1032,7 +1039,8 @@ class user extends session /** * If a guest user is surfing, we try to guess his/her language first by obtaining the browser language - * @todo if re-enabled we need to make sure only those languages installed are checked + * If re-enabled we need to make sure only those languages installed are checked + * Commented out so we do not loose the code. if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { @@ -1200,6 +1208,23 @@ class user extends session $this->img_lang = (file_exists($phpbb_root_path . 'styles/' . $this->theme['imageset_path'] . '/imageset/' . $this->lang_name)) ? $this->lang_name : $config['default_lang']; + // Disable board if the install/ directory is still present + // For the brave development army we do not care about this, else we need to comment out this everytime we develop locally + if (!defined('DEBUG_EXTRA') && !defined('ADMIN_START') && !defined('IN_LOGIN') && file_exists($phpbb_root_path . 'install')) + { + // Adjust the message slightly according to the permissions + if ($auth->acl_gets('a_', 'm_')) + { + $message = 'REMOVE_INSTALL'; + } + else + { + $message = (!empty($config['board_disable_msg'])) ? $config['board_disable_msg'] : 'BOARD_DISABLE'; + } + + trigger_error($message); + } + // Is board disabled and user not an admin or moderator? if ($config['board_disable'] && !defined('IN_LOGIN') && !$auth->acl_gets('a_', 'm_')) { diff --git a/phpBB/includes/template.php b/phpBB/includes/template.php index 36a0b8920b..76a89869f5 100644 --- a/phpBB/includes/template.php +++ b/phpBB/includes/template.php @@ -368,23 +368,12 @@ class template /** * Change already assigned key variable pair (one-dimensional - single loop entry) * - * Some Examples: - * <code> - * alter_block_array('loop', $vararray); // Insert vararray at the beginning - * alter_block_array('loop', $vararray, 2); // Insert vararray at position 2 - * alter_block_array('loop', $vararray, array('KEY' => 'value')); // Insert vararray at the position where the key 'KEY' has the value of 'value' - * alter_block_array('loop', $vararray, false); // Insert vararray at first position - * alter_block_array('loop', $vararray, true); // Insert vararray at last position (assign_block_vars equivalence) + * An example of how to use this function: + * {@example alter_block_array.php} * - * alter_block_array('loop', $vararray, 2, 'change'); // Change/Merge vararray with existing array at position 2 - * alter_block_array('loop', $vararray, array('KEY' => 'value'), 'change'); // Change/Merge vararray with existing array at the position where the key 'KEY' has the value of 'value' - * alter_block_array('loop', $vararray, false, 'change'); // Change/Merge vararray with existing array at first position - * alter_block_array('loop', $vararray, true, 'change'); // Change/Merge vararray with existing array at last position - * </code> - * - * @param string $blockname the blockname, for example 'loop' - * @param array $vararray the var array to insert/add or merge - * @param mixed $key Key to search for + * @param string $blockname the blockname, for example 'loop' + * @param array $vararray the var array to insert/add or merge + * @param mixed $key Key to search for * * array: KEY => VALUE [the key/value pair to search for within the loop to determine the correct position] * @@ -393,7 +382,7 @@ class template * If key is false the position is set to 0 * If key is true the position is set to the last entry * - * @param insert|change $mode Mode to execute + * @param string $mode Mode to execute (valid modes are 'insert' and 'change') * * If insert, the vararray is inserted at the given position (position counting from zero). * If change, the current block gets merged with the vararray (resulting in new key/value pairs be added and existing keys be replaced by the new value). @@ -401,7 +390,7 @@ class template * Since counting begins by zero, inserting at the last position will result in this array: array(vararray, last positioned array) * and inserting at position 1 will result in this array: array(first positioned array, vararray, following vars) * - * @return false on error, true on success + * @return bool false on error, true on success * @access public */ function alter_block_array($blockname, $vararray, $key = false, $mode = 'insert') diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index ad6bde9be7..1536411e9d 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -196,7 +196,6 @@ class ucp_groups ); $messenger->send($row['user_notify_type']); - $messenger->reset(); } $db->sql_freeresult($result); @@ -312,10 +311,11 @@ class ucp_groups // Hide hidden groups unless user is an admin with group privileges $sql_and = ($auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? '<> ' . GROUP_SPECIAL : 'NOT IN (' . GROUP_SPECIAL . ', ' . GROUP_HIDDEN . ')'; + $sql = 'SELECT group_id, group_name, group_desc, group_desc_uid, group_desc_bitfield, group_desc_options, group_type FROM ' . GROUPS_TABLE . ' - WHERE ' . $db->sql_in_set('group_id', $group_id_ary, true) . " - AND group_type $sql_and + WHERE ' . ((sizeof($group_id_ary)) ? $db->sql_in_set('group_id', $group_id_ary, true) . ' AND ' : '') . " + group_type $sql_and ORDER BY group_type DESC, group_name"; $result = $db->sql_query($sql); @@ -574,6 +574,8 @@ class ucp_groups if (isset($group_row['group_avatar']) && $group_row['group_avatar']) { + $avatar_img = ''; + switch ($group_row['group_avatar_type']) { case AVATAR_UPLOAD: @@ -584,8 +586,8 @@ class ucp_groups $avatar_img = $phpbb_root_path . $config['avatar_gallery_path'] . '/'; break; } - $avatar_img .= $group_row['group_avatar']; + $avatar_img .= $group_row['group_avatar']; $avatar_img = '<img src="' . $avatar_img . '" width="' . $group_row['group_avatar_width'] . '" height="' . $group_row['group_avatar_height'] . '" alt="" />'; } else @@ -877,11 +879,12 @@ class ucp_groups } $name_ary = array_unique(explode("\n", $name_ary)); + $group_name = ($group_row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name']; $default = request_var('default', 0); // Add user/s to group - if ($error = group_user_add($group_id, false, $name_ary, $group_row['group_name'], $default, 0, 0, $group_row)) + if ($error = group_user_add($group_id, false, $name_ary, $group_name, $default, 0, 0, $group_row)) { trigger_error($user->lang[$error] . $return_page); } diff --git a/phpBB/includes/ucp/ucp_main.php b/phpBB/includes/ucp/ucp_main.php index 67e1c4d155..57a8d0f86a 100644 --- a/phpBB/includes/ucp/ucp_main.php +++ b/phpBB/includes/ucp/ucp_main.php @@ -125,14 +125,15 @@ class ucp_main } $template->assign_block_vars('topicrow', array( - 'FORUM_ID' => $forum_id, - 'TOPIC_ID' => $topic_id, - 'LAST_POST_SUBJECT' => $row['topic_last_post_subject'], - 'LAST_POST_TIME' => $user->format_date($row['topic_last_post_time']), - 'LAST_POST_AUTHOR' => ($row['topic_last_poster_id'] == ANONYMOUS) ? (($row['topic_last_poster_name'] != '') ? $row['topic_last_poster_name'] . ' ' : $user->lang['GUEST'] . ' ') : $row['topic_last_poster_name'], - 'LAST_POST_AUTHOR_COLOUR' => ($row['topic_last_poster_colour']) ? '#' . $row['topic_last_poster_colour'] : '', - 'TOPIC_TITLE' => censor_text($row['topic_title']), - 'TOPIC_TYPE' => $topic_type, + 'FORUM_ID' => $forum_id, + 'TOPIC_ID' => $topic_id, + 'LAST_POST_SUBJECT' => $row['topic_last_post_subject'], + 'LAST_POST_TIME' => $user->format_date($row['topic_last_post_time']), + 'LAST_POST_AUTHOR' => get_username_string('username', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), + 'LAST_POST_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), + 'LAST_POST_AUTHOR_FULL' => get_username_string('full', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), + 'TOPIC_TITLE' => censor_text($row['topic_title']), + 'TOPIC_TYPE' => $topic_type, 'LAST_POST_IMG' => $user->img('icon_topic_latest', 'VIEW_LATEST_POST'), 'NEWEST_POST_IMG' => $user->img('icon_topic_newest', 'VIEW_NEWEST_POST'), @@ -144,7 +145,7 @@ class ucp_main 'S_UNREAD' => $unread_topic, 'U_LAST_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$g_forum_id&t=$topic_id&p=" . $row['topic_last_post_id']) . '#p' . $row['topic_last_post_id'], - 'U_LAST_POST_AUTHOR' => ($row['topic_last_poster_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['topic_last_poster_id']) : '', + 'U_LAST_POST_AUTHOR' => get_username_string('profile', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), 'U_NEWEST_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$g_forum_id&t=$topic_id&view=unread") . '#unread', 'U_VIEW_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$g_forum_id&t=$topic_id")) ); @@ -290,16 +291,11 @@ class ucp_main if ($row['forum_last_post_id']) { $last_post_time = $user->format_date($row['forum_last_post_time']); - - $last_poster = ($row['forum_last_poster_name'] != '') ? $row['forum_last_poster_name'] : $user->lang['GUEST']; - $last_poster_colour = ($row['forum_last_poster_colour']) ? '#' . $row['forum_last_poster_colour'] : ''; - $last_poster_url = ($row['forum_last_poster_id'] == ANONYMOUS) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['forum_last_poster_id']); - $last_post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&p=" . $row['forum_last_post_id']) . '#p' . $row['forum_last_post_id']; } else { - $last_post_time = $last_poster = $last_poster_url = $last_post_url = ''; + $last_post_time = $last_post_url = ''; } $template->assign_block_vars('forumrow', array( @@ -312,10 +308,12 @@ class ucp_main 'LAST_POST_IMG' => $user->img('icon_topic_latest', 'VIEW_LATEST_POST'), 'LAST_POST_SUBJECT' => $row['forum_last_post_subject'], 'LAST_POST_TIME' => $last_post_time, - 'LAST_POST_AUTHOR' => $last_poster, - 'LAST_POST_AUTHOR_COLOUR' => $last_poster_colour, - 'U_LAST_POST_AUTHOR' => $last_poster_url, + 'LAST_POST_AUTHOR' => get_username_string('username', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']), + 'LAST_POST_AUTHOR_COLOUR' => get_username_string('colour', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']), + 'LAST_POST_AUTHOR_FULL' => get_username_string('full', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']), + 'U_LAST_POST_AUTHOR' => get_username_string('profile', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']), + 'U_LAST_POST' => $last_post_url, 'U_VIEWFORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id'])) ); @@ -420,7 +418,7 @@ class ucp_main $topic_id = $row['topic_moved_id']; } - // Get folder img, topic status/type related informations + // Get folder img, topic status/type related information $folder_img = $folder_alt = $topic_type = ''; topic_status($row, $replies, $unread_topic, $folder_img, $folder_alt, $topic_type); @@ -430,14 +428,20 @@ class ucp_main $template->assign_block_vars('topicrow', array( 'FORUM_ID' => $forum_id, 'TOPIC_ID' => $topic_id, - 'TOPIC_AUTHOR' => ($row['topic_first_poster_name']) ? $row['topic_first_poster_name'] : $user->lang['GUEST'], - 'TOPIC_AUTHOR_COLOUR' => ($row['topic_first_poster_colour']) ? '#' . $row['topic_first_poster_colour'] : '', 'FIRST_POST_TIME' => $user->format_date($row['topic_time']), 'LAST_POST_SUBJECT' => $row['topic_last_post_subject'], 'LAST_POST_TIME' => $user->format_date($row['topic_last_post_time']), 'LAST_VIEW_TIME' => $user->format_date($row['topic_last_view_time']), - 'LAST_POST_AUTHOR' => ($row['topic_last_poster_name'] != '') ? $row['topic_last_poster_name'] : $user->lang['GUEST'], - 'LAST_POST_AUTHOR_COLOUR' => ($row['topic_last_poster_colour']) ? '#' . $row['topic_last_poster_colour'] : '', + + 'TOPIC_AUTHOR' => get_username_string('username', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), + 'TOPIC_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), + 'TOPIC_AUTHOR_FULL' => get_username_string('full', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), + 'U_TOPIC_AUTHOR' => get_username_string('profile', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), + + 'LAST_POST_AUTHOR' => get_username_string('username', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), + 'LAST_POST_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), + 'LAST_POST_AUTHOR_FULL' => get_username_string('full', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), + 'U_LAST_POST_AUTHOR' => get_username_string('profile', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), 'PAGINATION' => topic_generate_pagination($replies, append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . (($row['forum_id']) ? $row['forum_id'] : $forum_id) . "&t=$topic_id")), 'REPLIES' => $replies, @@ -460,8 +464,6 @@ class ucp_main 'U_NEWEST_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id&view=unread") . '#unread', 'U_LAST_POST' => $view_topic_url . '&p=' . $row['topic_last_post_id'] . '#p' . $row['topic_last_post_id'], - 'U_LAST_POST_AUTHOR' => ($row['topic_last_poster_id'] != ANONYMOUS && $row['topic_last_poster_id']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['topic_last_poster_id']) : '', - 'U_TOPIC_AUTHOR' => ($row['topic_poster'] != ANONYMOUS && $row['topic_poster']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['topic_poster']) : '', 'U_VIEW_TOPIC' => $view_topic_url) ); } @@ -577,7 +579,7 @@ class ucp_main $replies = ($auth->acl_get('m_approve', $forum_id)) ? $row['topic_replies_real'] : $row['topic_replies']; - // Get folder img, topic status/type related informations + // Get folder img, topic status/type related information $folder_img = $folder_alt = $topic_type = ''; $unread_topic = false; @@ -594,14 +596,16 @@ class ucp_main 'S_DELETED_TOPIC' => (!$row['topic_id']) ? true : false, 'S_GLOBAL_TOPIC' => (!$forum_id) ? true : false, - 'TOPIC_AUTHOR' => ($row['topic_first_poster_name']) ? $row['topic_first_poster_name'] : $user->lang['GUEST'], - 'TOPIC_AUTHOR_COLOUR' => ($row['topic_first_poster_colour']) ? '#' . $row['topic_first_poster_colour'] : '', + 'TOPIC_AUTHOR' => get_username_string('username', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), + 'TOPIC_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), + 'TOPIC_AUTHOR_FULL' => get_username_string('full', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), 'FIRST_POST_TIME' => $user->format_date($row['topic_time']), 'LAST_POST_SUBJECT' => $row['topic_last_post_subject'], 'LAST_POST_TIME' => $user->format_date($row['topic_last_post_time']), 'LAST_VIEW_TIME' => $user->format_date($row['topic_last_view_time']), - 'LAST_POST_AUTHOR' => ($row['topic_last_poster_name'] != '') ? $row['topic_last_poster_name'] : $user->lang['GUEST'], - 'LAST_POST_AUTHOR_COLOUR' => ($row['topic_last_poster_colour']) ? '#' . $row['topic_last_poster_colour'] : '', + 'LAST_POST_AUTHOR' => get_username_string('username', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), + 'LAST_POST_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), + 'LAST_POST_AUTHOR_FULL' => get_username_string('full', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), 'PAGINATION' => topic_generate_pagination($replies, append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . (($row['forum_id']) ? $row['forum_id'] : $forum_id) . "&t=$topic_id")), 'POSTED_AT' => $user->format_date($row['topic_time']), @@ -612,8 +616,8 @@ class ucp_main 'LAST_POST_IMG' => $user->img('icon_topic_latest', 'VIEW_LATEST_POST'), 'U_LAST_POST' => $view_topic_url . '&p=' . $row['topic_last_post_id'] . '#p' . $row['topic_last_post_id'], - 'U_LAST_POST_AUTHOR' => ($row['topic_last_poster_id'] != ANONYMOUS && $row['topic_last_poster_id']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['topic_last_poster_id']) : '', - 'U_TOPIC_AUTHOR' => ($row['topic_poster'] != ANONYMOUS && $row['topic_poster']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['topic_poster']) : '', + 'U_LAST_POST_AUTHOR' => get_username_string('profile', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), + 'U_TOPIC_AUTHOR' => get_username_string('profile', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), 'U_VIEW_TOPIC' => $view_topic_url, 'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id), 'U_MOVE_UP' => ($row['order_id'] != 1) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=main&mode=bookmarks&move_up=' . $row['order_id']) : '', @@ -660,11 +664,9 @@ class ucp_main if ($submit && $edit) { - $draft_subject = request_var('subject', '', true); - $draft_message = request_var('message', '', true); + $draft_subject = utf8_normalize_nfc(request_var('subject', '', true)); + $draft_message = utf8_normalize_nfc(request_var('message', '', true)); - utf8_normalize_nfc(array(&$draft_subject, &$draft_message)); - if ($draft_message && $draft_subject) { $draft_row = array( diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php index 14afc81686..b51f265df3 100644 --- a/phpBB/includes/ucp/ucp_pm.php +++ b/phpBB/includes/ucp/ucp_pm.php @@ -10,9 +10,8 @@ /** * Private Message Class * -* @param int $folder display folder with the id used -* @param inbox|outbox|sentbox display folder with the associated name -* +* $_REQUEST['folder'] display folder with the id used +* $_REQUEST['folder'] inbox|outbox|sentbox display folder with the associated name * * Display Messages (default to inbox) - mode=view * Display single message - mode=view&p=[msg_id] or &p=[msg_id] (short linkage) @@ -241,10 +240,11 @@ class ucp_pm } // If new messages arrived, place them into the appropiate folder - $num_not_moved = 0; + $num_not_moved = $num_removed = 0; + if ($user->data['user_new_privmsg'] && $action == 'view_folder') { - place_pm_into_folder($global_privmsgs_rules, request_var('release', 0)); + $return = place_pm_into_folder($global_privmsgs_rules, request_var('release', 0)); $num_not_moved = $user->data['user_new_privmsg']; // Make sure num_not_moved is valid. @@ -257,6 +257,9 @@ class ucp_pm $num_not_moved = $user->data['user_new_privmsg'] = $user->data['user_unread_privmsg'] = 0; } + + // Assign the number of private messages being removed due to rules. + $num_removed = $return['deleted']; } if (!$msg_id && $folder_id == PRIVMSGS_NO_BOX) @@ -351,8 +354,10 @@ class ucp_pm 'CUR_FOLDER_ID' => $folder_id, 'CUR_FOLDER_NAME' => $folder_status['folder_name'], 'NUM_NOT_MOVED' => $num_not_moved, + 'NUM_REMOVED' => $num_removed, 'RELEASE_MESSAGE_INFO' => sprintf($user->lang['RELEASE_MESSAGES'], '<a href="' . $this->u_action . '&folder=' . $folder_id . '&release=1">', '</a>'), 'NOT_MOVED_MESSAGES' => ($num_not_moved == 1) ? $user->lang['NOT_MOVED_MESSAGE'] : sprintf($user->lang['NOT_MOVED_MESSAGES'], $num_not_moved), + 'RULE_REMOVED_MESSAGES' => ($num_removed == 1) ? $user->lang['RULE_REMOVED_MESSAGE'] : sprintf($user->lang['RULE_REMOVED_MESSAGES'], $num_removed), 'S_FOLDER_OPTIONS' => $s_folder_options, 'S_TO_FOLDER_OPTIONS' => $s_to_folder_options, diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 98aa35117b..3cfb2f37a9 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -131,7 +131,7 @@ function compose_pm($id, $mode, $action) } else { - $sql = 'SELECT t.*, p.*, u.username as quote_username + $sql = 'SELECT t.folder_id, p.*, u.username as quote_username FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p, ' . USERS_TABLE . ' u WHERE t.user_id = ' . $user->data['user_id'] . " AND p.author_id = u.user_id @@ -147,7 +147,7 @@ function compose_pm($id, $mode, $action) } // check for outbox (not read) status, we do not allow editing if one user already having the message - $sql = 'SELECT p.*, t.* + $sql = 'SELECT p.*, t.folder_id FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p WHERE t.user_id = ' . $user->data['user_id'] . ' AND t.folder_id = ' . PRIVMSGS_OUTBOX . " @@ -302,9 +302,7 @@ function compose_pm($id, $mode, $action) { delete_pm($user->data['user_id'], $msg_id, $folder_id); - /** - * @todo jump to next message in "history"? - */ + // jump to next message in "history"? nope, not for the moment. But able to be included later. $meta_info = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&folder=$folder_id"); $message = $user->lang['MESSAGE_DELETED']; @@ -347,7 +345,7 @@ function compose_pm($id, $mode, $action) WHERE post_msg_id = $msg_id AND in_message = 1 AND is_orphan = 0 - ORDER BY filetime " . ((!$config['display_order']) ? 'DESC' : 'ASC'); + ORDER BY filetime DESC"; $result = $db->sql_query($sql); $message_parser->attachment_data = array_merge($message_parser->attachment_data, $db->sql_fetchrowset($result)); $db->sql_freeresult($result); @@ -396,12 +394,10 @@ function compose_pm($id, $mode, $action) // Save Draft if ($save && $auth->acl_get('u_savedrafts')) { - $subject = request_var('subject', '', true); + $subject = utf8_normalize_nfc(request_var('subject', '', true)); $subject = (!$subject && $action != 'post') ? $user->lang['NEW_MESSAGE'] : $subject; - $message = request_var('message', '', true); + $message = utf8_normalize_nfc(request_var('message', '', true)); - utf8_normalize_nfc(array(&$subject, &$message)); - if ($subject && $message) { if (confirm_box(true)) @@ -476,11 +472,9 @@ function compose_pm($id, $mode, $action) if ($submit || $preview || $refresh) { - $subject = request_var('subject', '', true); - $message_parser->message = request_var('message', '', true); + $subject = utf8_normalize_nfc(request_var('subject', '', true)); + $message_parser->message = utf8_normalize_nfc(request_var('message', '', true)); - utf8_normalize_nfc(array(&$subject, &$message_parser->message)); - $icon_id = request_var('icon', 0); $enable_bbcode = (!$bbcode_status || isset($_POST['disable_bbcode'])) ? false : true; @@ -756,15 +750,30 @@ function compose_pm($id, $mode, $action) $type = ($type == 'u') ? 'u' : 'g'; $id = (int) $id; - $template->assign_block_vars($field . '_recipient', array( - 'NAME' => ${$type}[$id]['name'], - 'IS_GROUP' => ($type == 'g'), - 'IS_USER' => ($type == 'u'), - 'COLOUR' => (${$type}[$id]['colour']) ? ${$type}[$id]['colour'] : '', + $tpl_ary = array( + 'IS_GROUP' => ($type == 'g') ? true : false, + 'IS_USER' => ($type == 'u') ? true : false, 'UG_ID' => $id, - 'U_VIEW' => ($type == 'u') ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $id) : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&g=' . $id), - 'TYPE' => $type) + 'NAME' => ${$type}[$id]['name'], + 'COLOUR' => (${$type}[$id]['colour']) ? '#' . ${$type}[$id]['colour'] : '', + 'TYPE' => $type, ); + + if ($type == 'u') + { + $tpl_ary = array_merge($tpl_ary, array( + 'U_VIEW' => get_username_string('profile', $id, ${$type}[$id]['name'], ${$type}[$id]['colour']), + 'NAME_FULL' => get_username_string('full', $id, ${$type}[$id]['name'], ${$type}[$id]['colour']), + )); + } + else + { + $tpl_ary = array_merge($tpl_ary, array( + 'U_VIEW' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&g=' . $id), + )); + } + + $template->assign_block_vars($field . '_recipient', $tpl_ary); } } } @@ -934,41 +943,35 @@ function handle_message_list_actions(&$address_list, $remove_u, $remove_g, $add_ $friend_list = (is_array($_REQUEST['add_' . $type])) ? array_map('intval', array_keys($_REQUEST['add_' . $type])) : array(); $user_id_ary = array_merge($user_id_ary, $friend_list); - if (sizeof($user_id_ary)) + foreach ($user_id_ary as $user_id) { - // We need to check their PM status (do they want to receive PM's?) - // Only check if not a moderator or admin, since they are allowed to override this user setting - if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) + if ($user_id == ANONYMOUS) { - $sql = 'SELECT user_id - FROM ' . USERS_TABLE . ' - WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . ' - AND user_allow_pm = 1'; - $result = $db->sql_query($sql); + continue; + } - while ($row = $db->sql_fetchrow($result)) - { - if ($row['user_id'] == ANONYMOUS) - { - continue; - } + $address_list['u'][$user_id] = $type; + } + } - $address_list['u'][$row['user_id']] = $type; - } - $db->sql_freeresult($result); - } - else - { - foreach ($user_id_ary as $user_id) - { - if ($user_id == ANONYMOUS) - { - continue; - } + // Check for disallowed recipients + if (!empty($address_list['u'])) + { + // We need to check their PM status (do they want to receive PM's?) + // Only check if not a moderator or admin, since they are allowed to override this user setting + if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) + { + $sql = 'SELECT user_id + FROM ' . USERS_TABLE . ' + WHERE ' . $db->sql_in_set('user_id', array_keys($address_list['u'])) . ' + AND user_allow_pm = 0'; + $result = $db->sql_query($sql); - $address_list['u'][$user_id] = $type; - } + while ($row = $db->sql_fetchrow($result)) + { + unset($address_list['u'][$row['user_id']]); } + $db->sql_freeresult($result); } } } diff --git a/phpBB/includes/ucp/ucp_pm_options.php b/phpBB/includes/ucp/ucp_pm_options.php index 9b86553569..9ce7f87740 100644 --- a/phpBB/includes/ucp/ucp_pm_options.php +++ b/phpBB/includes/ucp/ucp_pm_options.php @@ -247,12 +247,10 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit $rule_option = request_var('rule_option', 0); $cond_option = request_var('cond_option', ''); $action_option = explode('|', request_var('action_option', '')); - $rule_string = ($cond_option != 'none') ? request_var('rule_string', '', true) : ''; + $rule_string = ($cond_option != 'none') ? utf8_normalize_nfc(request_var('rule_string', '', true)) : ''; $rule_user_id = ($cond_option != 'none') ? request_var('rule_user_id', 0) : 0; $rule_group_id = ($cond_option != 'none') ? request_var('rule_group_id', 0) : 0; - utf8_normalize_nfc(&$rule_string); - $action = (int) $action_option[0]; $folder_id = (int) $action_option[1]; @@ -640,10 +638,8 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule switch ($condition) { case 'text': - $rule_string = request_var('rule_string', '', true); + $rule_string = utf8_normalize_nfc(request_var('rule_string', '', true)); - utf8_normalize_nfc(&$rule_string); - $template->assign_vars(array( 'S_TEXT_CONDITION' => true, 'CURRENT_STRING' => $rule_string, @@ -656,10 +652,8 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule case 'user': $rule_user_id = request_var('rule_user_id', 0); - $rule_string = request_var('rule_string', '', true); + $rule_string = utf8_normalize_nfc(request_var('rule_string', '', true)); - utf8_normalize_nfc(&$rule_string); - if ($rule_string && !$rule_user_id) { $sql = 'SELECT user_id @@ -701,10 +695,8 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule case 'group': $rule_group_id = request_var('rule_group_id', 0); - $rule_string = request_var('rule_string', '', true); + $rule_string = utf8_normalize_nfc(request_var('rule_string', '', true)); - utf8_normalize_nfc(&$rule_string); - $sql_and = ($auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? '<> ' . GROUP_SPECIAL : 'NOT IN (' . GROUP_SPECIAL . ', ' . GROUP_HIDDEN . ')'; $sql = 'SELECT group_id, group_name, group_type FROM ' . GROUPS_TABLE . " diff --git a/phpBB/includes/ucp/ucp_pm_viewfolder.php b/phpBB/includes/ucp/ucp_pm_viewfolder.php index 862702d7fc..4277639d83 100644 --- a/phpBB/includes/ucp/ucp_pm_viewfolder.php +++ b/phpBB/includes/ucp/ucp_pm_viewfolder.php @@ -163,7 +163,7 @@ function view_folder($id, $mode, $folder_id, $folder) { foreach ($id_ary as $ug_id => $_id) { - $user_colour = ($recipient_list[$type][$ug_id]['colour']) ? ' style="color:#' . $recipient_list[$type][$ug_id]['colour'] . '"' : ''; + $user_colour = ($recipient_list[$type][$ug_id]['colour']) ? ' style="font-weight: bold; color:#' . $recipient_list[$type][$ug_id]['colour'] . '"' : ''; if ($type == 'u') { @@ -191,7 +191,6 @@ function view_folder($id, $mode, $folder_id, $folder) $folder_alt = ($row['pm_unread']) ? 'NEW_MESSAGES' : 'NO_NEW_MESSAGES'; // Generate all URIs ... - $message_author = ($row['author_id'] != ANONYMOUS) ? '<a href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['author_id']) . '">' . $row['username'] . '</a>' : $row['username']; $view_message_url = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&mode=view&f=$folder_id&p=$message_id"); $remove_message_url = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&mode=compose&action=delete&p=$message_id"); @@ -211,9 +210,13 @@ function view_folder($id, $mode, $folder_id, $folder) $template->assign_block_vars('messagerow', array( 'PM_CLASS' => ($row_indicator) ? 'pm_' . $row_indicator . '_colour' : '', + 'MESSAGE_AUTHOR_FULL' => get_username_string('full', $row['author_id'], $row['username'], $row['user_colour'], $row['username']), + 'MESSAGE_AUTHOR_COLOUR' => get_username_string('colour', $row['author_id'], $row['username'], $row['user_colour'], $row['username']), + 'MESSAGE_AUTHOR' => get_username_string('username', $row['author_id'], $row['username'], $row['user_colour'], $row['username']), + 'U_MESSAGE_AUTHOR' => get_username_string('profile', $row['author_id'], $row['username'], $row['user_colour'], $row['username']), + 'FOLDER_ID' => $folder_id, 'MESSAGE_ID' => $message_id, - 'MESSAGE_AUTHOR' => $message_author, 'SENT_TIME' => $user->format_date($row['message_time']), 'SUBJECT' => censor_text($row['message_subject']), 'FOLDER' => (isset($folder[$row['folder_id']])) ? $folder[$row['folder_id']]['folder_name'] : '', @@ -437,7 +440,7 @@ function get_pm_from($folder_id, $folder, $user_id) // PM ordering options $limit_days = array(0 => $user->lang['ALL_MESSAGES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $sort_by_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']); - $sort_by_sql = array('a' => 'u.username', 't' => 'p.message_time', 's' => 'p.message_subject'); + $sort_by_sql = array('a' => 'u.username_clean', 't' => 'p.message_time', 's' => 'p.message_subject'); $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); @@ -516,7 +519,7 @@ function get_pm_from($folder_id, $folder, $user_id) $sql_start = $start; } - $sql = 'SELECT t.*, p.author_id, p.root_level, p.message_time, p.message_subject, p.icon_id, p.to_address, p.message_attachment, p.bcc_address, u.username + $sql = 'SELECT t.*, p.root_level, p.message_time, p.message_subject, p.icon_id, p.to_address, p.message_attachment, p.bcc_address, u.username, u.user_colour FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p, ' . USERS_TABLE . " u WHERE t.user_id = $user_id AND p.author_id = u.user_id diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php index 8da8f0bd18..9a19baa257 100644 --- a/phpBB/includes/ucp/ucp_pm_viewmessage.php +++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php @@ -49,7 +49,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) // Assign TO/BCC Addresses to template write_pm_addresses(array('to' => $message_row['to_address'], 'bcc' => $message_row['bcc_address']), $author_id); - $user_info = get_user_informations($author_id, $message_row); + $user_info = get_user_information($author_id, $message_row); // Parse the message and subject $message = $message_row['message_text']; @@ -92,7 +92,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) FROM ' . ATTACHMENTS_TABLE . " WHERE post_msg_id = $msg_id AND in_message = 1 - ORDER BY filetime " . ((!$config['display_order']) ? 'DESC' : 'ASC') . ', post_msg_id ASC'; + ORDER BY filetime DESC, post_msg_id ASC"; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -165,7 +165,11 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) $url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm'); $template->assign_vars(array( - 'AUTHOR_NAME' => ($user_info['user_colour']) ? '<span style="color:#' . $user_info['user_colour'] . '">' . $user_info['username'] . '</span>' : $user_info['username'], + 'MESSAGE_AUTHOR_FULL' => get_username_string('full', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']), + 'MESSAGE_AUTHOR_COLOUR' => get_username_string('colour', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']), + 'MESSAGE_AUTHOR' => get_username_string('username', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']), + 'U_MESSAGE_AUTHOR' => get_username_string('profile', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']), + 'AUTHOR_RANK' => $user_info['rank_title'], 'RANK_IMAGE' => $user_info['rank_image'], 'AUTHOR_AVATAR' => (isset($user_info['avatar'])) ? $user_info['avatar'] : '', @@ -192,7 +196,6 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) 'U_INFO' => ($auth->acl_get('m_info') && $message_row['pm_forwarded']) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'mode=pm_details&p=' . $message_row['msg_id'], true, $user->session_id) : '', 'U_DELETE' => ($auth->acl_get('u_pm_delete')) ? "$url&mode=compose&action=delete&f=$folder_id&p=" . $message_row['msg_id'] : '', - 'U_AUTHOR_PROFILE' => ($author_id != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $author_id) : '', 'U_EMAIL' => $user_info['email'], 'U_QUOTE' => ($auth->acl_get('u_sendpm') && $author_id != ANONYMOUS) ? "$url&mode=compose&action=quote&f=$folder_id&p=" . $message_row['msg_id'] : '', 'U_EDIT' => (($message_row['message_time'] > time() - ($config['pm_edit_time'] * 60) || !$config['pm_edit_time']) && $folder_id == PRIVMSGS_OUTBOX && $auth->acl_get('u_pm_edit')) ? "$url&mode=compose&action=edit&f=$folder_id&p=" . $message_row['msg_id'] : '', @@ -314,7 +317,6 @@ function message_history($msg_id, $user_id, $message_row, $folder) foreach ($rowset as $id => $row) { $author_id = $row['author_id']; - $author = $row['username']; $folder_id = (int) $row['folder_id']; $subject = $row['message_subject']; @@ -340,7 +342,11 @@ function message_history($msg_id, $user_id, $message_row, $folder) } $template->assign_block_vars('history_row', array( - 'AUTHOR_NAME' => $author, + 'MESSAGE_AUTHOR_FULL' => get_username_string('full', $author_id, $row['username'], $row['user_colour'], $row['username']), + 'MESSAGE_AUTHOR_COLOUR' => get_username_string('colour', $author_id, $row['username'], $row['user_colour'], $row['username']), + 'MESSAGE_AUTHOR' => get_username_string('username', $author_id, $row['username'], $row['user_colour'], $row['username']), + 'U_MESSAGE_AUTHOR' => get_username_string('profile', $author_id, $row['username'], $row['user_colour'], $row['username']), + 'SUBJECT' => $subject, 'SENT_DATE' => $user->format_date($row['message_time']), 'MESSAGE' => $message, @@ -351,7 +357,6 @@ function message_history($msg_id, $user_id, $message_row, $folder) 'U_MSG_ID' => $row['msg_id'], 'U_VIEW_MESSAGE' => "$url&f=$folder_id&p=" . $row['msg_id'], - 'U_AUTHOR_PROFILE' => ($author_id != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=viewprofile&u=$author_id") : '', 'U_QUOTE' => ($auth->acl_get('u_sendpm') && $author_id != ANONYMOUS && $author_id != $user->data['user_id']) ? "$url&mode=compose&action=quote&f=" . $folder_id . "&p=" . $row['msg_id'] : '', 'U_POST_REPLY_PM' => ($author_id != $user->data['user_id'] && $author_id != ANONYMOUS && $auth->acl_get('u_sendpm')) ? "$url&mode=compose&action=reply&f=$folder_id&p=" . $row['msg_id'] : '') ); @@ -371,9 +376,9 @@ function message_history($msg_id, $user_id, $message_row, $folder) } /** -* Get User Informations (only for message display) +* Get user information (only for message display) */ -function get_user_informations($user_id, $user_row) +function get_user_information($user_id, $user_row) { global $db, $auth, $user, $cache; global $phpbb_root_path, $phpEx, $config; @@ -421,6 +426,7 @@ function get_user_informations($user_id, $user_row) if ($user_row['user_avatar'] && $user->optionget('viewavatars')) { $avatar_img = ''; + switch ($user_row['user_avatar_type']) { case AVATAR_UPLOAD: @@ -431,8 +437,8 @@ function get_user_informations($user_id, $user_row) $avatar_img = $config['avatar_gallery_path'] . '/'; break; } - $avatar_img .= $user_row['user_avatar']; + $avatar_img .= $user_row['user_avatar']; $user_row['avatar'] = '<img src="' . $avatar_img . '" width="' . $user_row['user_avatar_width'] . '" height="' . $user_row['user_avatar_height'] . '" alt="' . $user->lang['USER_AVATAR'] . '" />'; } diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php index 378562a2dd..e72673c023 100644 --- a/phpBB/includes/ucp/ucp_prefs.php +++ b/phpBB/includes/ucp/ucp_prefs.php @@ -31,7 +31,7 @@ class ucp_prefs $data = array( 'notifymethod' => request_var('notifymethod', $user->data['user_notify_type']), - 'dateformat' => request_var('dateformat', $user->data['user_dateformat']), + 'dateformat' => request_var('dateformat', $user->data['user_dateformat'], true), 'lang' => request_var('lang', $user->data['user_lang']), 'style' => request_var('style', (int) $user->data['user_style']), 'tz' => request_var('tz', (float) $user->data['user_timezone']), @@ -128,11 +128,11 @@ class ucp_prefs 'DEFAULT_DATEFORMAT' => $config['default_dateformat'], 'A_DEFAULT_DATEFORMAT' => addslashes($config['default_dateformat']), - 'S_LANG_OPTIONS' => language_select($data['lang']), - 'S_STYLE_OPTIONS' => ($config['override_user_style']) ? '' : style_select($data['style']), - 'S_TZ_OPTIONS' => tz_select($data['tz']), - 'S_CAN_HIDE_ONLINE' => ($auth->acl_get('u_hideonline')) ? true : false, - 'S_SELECT_NOTIFY' => ($config['jab_enable'] && $user->data['user_jabber'] && @extension_loaded('xml')) ? true : false) + 'S_LANG_OPTIONS' => language_select($data['lang']), + 'S_STYLE_OPTIONS' => ($config['override_user_style']) ? '' : style_select($data['style']), + 'S_TZ_OPTIONS' => tz_select($data['tz'], true), + 'S_CAN_HIDE_ONLINE' => ($auth->acl_get('u_hideonline')) ? true : false, + 'S_SELECT_NOTIFY' => ($config['jab_enable'] && $user->data['user_jabber'] && @extension_loaded('xml')) ? true : false) ); break; @@ -140,13 +140,13 @@ class ucp_prefs case 'view': $data = array( - 'topic_sk' => (!empty($user->data['user_topic_sortby_type'])) ? $user->data['user_topic_sortby_type'] : 't', - 'topic_sd' => (!empty($user->data['user_topic_sortby_dir'])) ? $user->data['user_topic_sortby_dir'] : 'd', - 'topic_st' => (!empty($user->data['user_topic_show_days'])) ? $user->data['user_topic_show_days'] : 0, + 'topic_sk' => request_var('topic_sk', (!empty($user->data['user_topic_sortby_type'])) ? $user->data['user_topic_sortby_type'] : 't'), + 'topic_sd' => request_var('topic_sd', (!empty($user->data['user_topic_sortby_dir'])) ? $user->data['user_topic_sortby_dir'] : 'd'), + 'topic_st' => request_var('topic_st', (!empty($user->data['user_topic_show_days'])) ? $user->data['user_topic_show_days'] : 0), - 'post_sk' => (!empty($user->data['user_post_sortby_type'])) ? $user->data['user_post_sortby_type'] : 't', - 'post_sd' => (!empty($user->data['user_post_sortby_dir'])) ? $user->data['user_post_sortby_dir'] : 'a', - 'post_st' => (!empty($user->data['user_post_show_days'])) ? $user->data['user_post_show_days'] : 0, + 'post_sk' => request_var('post_sk', (!empty($user->data['user_post_sortby_type'])) ? $user->data['user_post_sortby_type'] : 't'), + 'post_sd' => request_var('post_sd', (!empty($user->data['user_post_sortby_dir'])) ? $user->data['user_post_sortby_dir'] : 'a'), + 'post_st' => request_var('post_st', (!empty($user->data['user_post_show_days'])) ? $user->data['user_post_show_days'] : 0), 'images' => request_var('images', (bool) $user->optionget('viewimg')), 'flash' => request_var('flash', (bool) $user->optionget('viewflash')), diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index 840f63ff48..29055f0d89 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -35,8 +35,8 @@ class ucp_profile $data = array( 'username' => request_var('username', $user->data['username'], true), - 'email' => request_var('email', $user->data['user_email']), - 'email_confirm' => request_var('email_confirm', ''), + 'email' => strtolower(request_var('email', $user->data['user_email'])), + 'email_confirm' => strtolower(request_var('email_confirm', '')), 'new_password' => request_var('new_password', '', true), 'cur_password' => request_var('cur_password', '', true), 'password_confirm' => request_var('password_confirm', '', true), @@ -93,7 +93,7 @@ class ucp_profile 'username' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $data['username'] : $user->data['username'], 'username_clean' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($data['username']) : $user->data['username_clean'], 'user_email' => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'], - 'user_email_hash' => ($auth->acl_get('u_chgemail')) ? crc32(strtolower($data['email'])) . strlen($data['email']) : $user->data['user_email_hash'], + 'user_email_hash' => ($auth->acl_get('u_chgemail')) ? crc32($data['email']) . strlen($data['email']) : $user->data['user_email_hash'], 'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? md5($data['new_password']) : $user->data['user_password'], 'user_passchg' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? time() : 0, ); @@ -125,7 +125,7 @@ class ucp_profile $key_len = ($key_len > 6) ? $key_len : 6; $user_actkey = substr($user_actkey, 0, $key_len); - $messenger = new messenger(); + $messenger = new messenger(false); $template_file = ($config['require_activation'] == USER_ACTIVATION_ADMIN) ? 'user_activate_inactive' : 'user_activate'; $messenger->template($template_file, $user->data['user_lang']); @@ -139,7 +139,7 @@ class ucp_profile $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); $messenger->assign_vars(array( - 'USERNAME' => htmlspecialchars_decode($username), + 'USERNAME' => htmlspecialchars_decode($data['username']), 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey") ); @@ -172,8 +172,9 @@ class ucp_profile $messenger->im($row['user_jabber'], $row['username']); $messenger->assign_vars(array( - 'USERNAME' => htmlspecialchars_decode($username), - 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey") + 'USERNAME' => htmlspecialchars_decode($data['username']), + 'U_USER_DETAILS' => "$server_url/memberlist.$phpEx?mode=viewprofile&u={$user->data['user_id']}", + 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey") ); $messenger->send($row['user_notify_type']); @@ -181,8 +182,6 @@ class ucp_profile $db->sql_freeresult($result); } - $messenger->save_queue(); - user_active_flip('deactivate', $user->data['user_id'], INACTIVE_PROFILE); $sql_ary += array( @@ -250,16 +249,14 @@ class ucp_profile 'yim' => request_var('yim', $user->data['user_yim']), 'jabber' => request_var('jabber', $user->data['user_jabber']), 'website' => request_var('website', $user->data['user_website']), - 'location' => request_var('location', $user->data['user_from'], true), - 'occupation' => request_var('occupation', $user->data['user_occ'], true), - 'interests' => request_var('interests', $user->data['user_interests'], true), + 'location' => utf8_normalize_nfc(request_var('location', $user->data['user_from'], true)), + 'occupation' => utf8_normalize_nfc(request_var('occupation', $user->data['user_occ'], true)), + 'interests' => utf8_normalize_nfc(request_var('interests', $user->data['user_interests'], true)), 'bday_day' => 0, 'bday_month' => 0, 'bday_year' => 0, ); - utf8_normalize_nfc(array(&$data['location'], &$data['occupation'], &$data['interests'])); - if ($user->data['user_birthday']) { list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user->data['user_birthday']); @@ -412,9 +409,7 @@ class ucp_profile $enable_bbcode = ($config['allow_sig_bbcode']) ? request_var('enable_bbcode', $user->optionget('bbcode')) : false; $enable_smilies = ($config['allow_sig_smilies']) ? request_var('enable_smilies', $user->optionget('smilies')) : false; $enable_urls = request_var('enable_urls', true); - $signature = request_var('signature', (string) $user->data['user_sig'], true); - - utf8_normalize_nfc(&$signature); + $signature = utf8_normalize_nfc(request_var('signature', (string) $user->data['user_sig'], true)); if ($submit || $preview) { @@ -608,8 +603,8 @@ class ucp_profile $avatar_img = $phpbb_root_path . $config['avatar_gallery_path'] . '/'; break; } - $avatar_img .= $user->data['user_avatar']; + $avatar_img .= $user->data['user_avatar']; $avatar_img = '<img src="' . $avatar_img . '" width="' . $user->data['user_avatar_width'] . '" height="' . $user->data['user_avatar_height'] . '" alt="" />'; } diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 1e8ff69733..fcbc2675f8 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -100,13 +100,22 @@ class ucp_register return; } - // Try to manually determine the timezone + // Try to manually determine the timezone and adjust the dst if the server date/time complies with the default setting +/- 1 $timezone = date('Z') / 3600; $is_dst = date('I'); - $timezone = ($is_dst) ? $timezone - 1 : $timezone; - if (!isset($user->lang['tz_zones'][(string) $timezone])) + if ($config['board_timezone'] == $timezone || $config['board_timezone'] == ($timezone - 1)) { + $timezone = ($is_dst) ? $timezone - 1 : $timezone; + + if (!isset($user->lang['tz_zones'][(string) $timezone])) + { + $timezone = $config['board_timezone']; + } + } + else + { + $is_dst = $config['board_dst']; $timezone = $config['board_timezone']; } @@ -115,8 +124,8 @@ class ucp_register 'password_confirm' => request_var('password_confirm', '', true), 'new_password' => request_var('new_password', '', true), 'cur_password' => request_var('cur_password', '', true), - 'email' => request_var('email', ''), - 'email_confirm' => request_var('email_confirm', ''), + 'email' => strtolower(request_var('email', '')), + 'email_confirm' => strtolower(request_var('email_confirm', '')), 'confirm_code' => request_var('confirm_code', ''), 'lang' => request_var('lang', $user->lang_name), 'tz' => request_var('tz', (float) $timezone), @@ -364,8 +373,9 @@ class ucp_register $messenger->im($row['user_jabber'], $row['username']); $messenger->assign_vars(array( - 'USERNAME' => htmlspecialchars_decode($data['username']), - 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u=$user_id&k=$user_actkey") + 'USERNAME' => htmlspecialchars_decode($data['username']), + 'U_USER_DETAILS' => "$server_url/memberlist.$phpEx?mode=viewprofile&u=$user_id", + 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u=$user_id&k=$user_actkey") ); $messenger->send($row['user_notify_type']); diff --git a/phpBB/includes/ucp/ucp_remind.php b/phpBB/includes/ucp/ucp_remind.php index 7ce82093ca..924c096e04 100644 --- a/phpBB/includes/ucp/ucp_remind.php +++ b/phpBB/includes/ucp/ucp_remind.php @@ -23,7 +23,7 @@ class ucp_remind global $db, $user, $auth, $template; $username = request_var('username', '', true); - $email = request_var('email', ''); + $email = strtolower(request_var('email', '')); $submit = (isset($_POST['submit'])) ? true : false; if ($submit) diff --git a/phpBB/includes/ucp/ucp_resend.php b/phpBB/includes/ucp/ucp_resend.php index 62e796bc4b..fe5801b37d 100644 --- a/phpBB/includes/ucp/ucp_resend.php +++ b/phpBB/includes/ucp/ucp_resend.php @@ -23,7 +23,7 @@ class ucp_resend global $db, $user, $auth, $template; $username = request_var('username', '', true); - $email = request_var('email', ''); + $email = strtolower(request_var('email', '')); $submit = (isset($_POST['submit'])) ? true : false; if ($submit) @@ -112,8 +112,9 @@ class ucp_resend $messenger->im($row['user_jabber'], $row['username']); $messenger->assign_vars(array( - 'USERNAME' => htmlspecialchars_decode($user_row['username']), - 'U_ACTIVATE' => generate_board_url() . "/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k={$user_row['user_actkey']}") + 'USERNAME' => htmlspecialchars_decode($user_row['username']), + 'U_USER_DETAILS' => "$server_url/memberlist.$phpEx?mode=viewprofile&u={$user->data['user_id']}", + 'U_ACTIVATE' => generate_board_url() . "/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k={$user_row['user_actkey']}") ); $messenger->send($row['user_notify_type']); diff --git a/phpBB/includes/ucp/ucp_zebra.php b/phpBB/includes/ucp/ucp_zebra.php index 2548037b10..b65ba2fd29 100644 --- a/phpBB/includes/ucp/ucp_zebra.php +++ b/phpBB/includes/ucp/ucp_zebra.php @@ -202,7 +202,7 @@ class ucp_zebra WHERE z.user_id = ' . $user->data['user_id'] . " AND $sql_and AND u.user_id = z.zebra_id - ORDER BY u.username ASC"; + ORDER BY u.username_clean ASC"; $result = $db->sql_query($sql); $s_username_options = ''; diff --git a/phpBB/includes/utf/utf_normalizer.php b/phpBB/includes/utf/utf_normalizer.php index 0d1d74539a..542c1aeeb8 100644 --- a/phpBB/includes/utf/utf_normalizer.php +++ b/phpBB/includes/utf/utf_normalizer.php @@ -67,10 +67,10 @@ class utf_normalizer * The ultimate convenience function! Clean up invalid UTF-8 sequences, * and convert to Normal Form C, canonical composition. * - * @param string $str The dirty string + * @param string &$str The dirty string * @return string The same string, all shiny and cleaned-up */ - function cleanup($str) + function cleanup(&$str) { // The string below is the list of all autorized characters, sorted by frequency in latin text $pos = strspn($str, "\x20\x65\x69\x61\x73\x6E\x74\x72\x6F\x6C\x75\x64\x5D\x5B\x63\x6D\x70\x27\x0A\x67\x7C\x68\x76\x2E\x66\x62\x2C\x3A\x3D\x2D\x71\x31\x30\x43\x32\x2A\x79\x78\x29\x28\x4C\x39\x41\x53\x2F\x50\x22\x45\x6A\x4D\x49\x6B\x33\x3E\x35\x54\x3C\x44\x34\x7D\x42\x7B\x38\x46\x77\x52\x36\x37\x55\x47\x4E\x3B\x4A\x7A\x56\x23\x48\x4F\x57\x5F\x26\x21\x4B\x3F\x58\x51\x25\x59\x5C\x09\x5A\x2B\x7E\x5E\x24\x40\x60\x7F\x0D"); @@ -79,7 +79,7 @@ class utf_normalizer if ($pos == $len) { // ASCII strings with no special chars return immediately - return $str; + return; } // Note: we do not check for $GLOBALS['utf_canonical_decomp']. It is assumed they are always loaded together @@ -91,23 +91,22 @@ class utf_normalizer // Replace any byte in the range 0x00..0x1F, except for \r, \n and \t // We replace those characters with a 0xFF byte, which is illegal in UTF-8 and will in turn be replaced with a UTF replacement char - return utf_normalizer::recompose( - strtr( - $str, - "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x0B\x0C\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F", - "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" - ), - $pos, $len, $GLOBALS['utf_nfc_qc'], $GLOBALS['utf_canonical_decomp'] + $str = strtr( + $str, + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x0B\x0C\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F", + "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" ); + + $str = utf_normalizer::recompose($str, $pos, $len, $GLOBALS['utf_nfc_qc'], $GLOBALS['utf_canonical_decomp']); } /** * Validate and normalize a UTF string to NFC * - * @param string $str Unchecked UTF string + * @param string &$str Unchecked UTF string * @return string The string, validated and in normal form */ - function nfc($str) + function nfc(&$str) { $pos = strspn($str, UTF8_ASCII_RANGE); $len = strlen($str); @@ -115,7 +114,7 @@ class utf_normalizer if ($pos == $len) { // ASCII strings return immediately - return $str; + return; } if (!isset($GLOBALS['utf_nfc_qc'])) @@ -124,16 +123,16 @@ class utf_normalizer include($phpbb_root_path . 'includes/utf/data/utf_nfc_qc.' . $phpEx); } - return utf_normalizer::recompose($str, $pos, $len, $GLOBALS['utf_nfc_qc'], $GLOBALS['utf_canonical_decomp']); + $str = utf_normalizer::recompose($str, $pos, $len, $GLOBALS['utf_nfc_qc'], $GLOBALS['utf_canonical_decomp']); } /** * Validate and normalize a UTF string to NFKC * - * @param string $str Unchecked UTF string + * @param string &$str Unchecked UTF string * @return string The string, validated and in normal form */ - function nfkc($str) + function nfkc(&$str) { $pos = strspn($str, UTF8_ASCII_RANGE); $len = strlen($str); @@ -141,7 +140,7 @@ class utf_normalizer if ($pos == $len) { // ASCII strings return immediately - return $str; + return; } if (!isset($GLOBALS['utf_nfkc_qc'])) @@ -156,16 +155,16 @@ class utf_normalizer include($phpbb_root_path . 'includes/utf/data/utf_canonical_comp.' . $phpEx); } - return utf_normalizer::recompose($str, $pos, $len, $GLOBALS['utf_nfkc_qc'], $GLOBALS['utf_compatibility_decomp']); + $str = utf_normalizer::recompose($str, $pos, $len, $GLOBALS['utf_nfkc_qc'], $GLOBALS['utf_compatibility_decomp']); } /** * Validate and normalize a UTF string to NFD * - * @param string $str Unchecked UTF string + * @param string &$str Unchecked UTF string * @return string The string, validated and in normal form */ - function nfd($str) + function nfd(&$str) { $pos = strspn($str, UTF8_ASCII_RANGE); $len = strlen($str); @@ -173,7 +172,7 @@ class utf_normalizer if ($pos == $len) { // ASCII strings return immediately - return $str; + return; } if (!isset($GLOBALS['utf_canonical_decomp'])) @@ -182,16 +181,16 @@ class utf_normalizer include($phpbb_root_path . 'includes/utf/data/utf_canonical_decomp.' . $phpEx); } - return utf_normalizer::decompose($str, $pos, $len, $GLOBALS['utf_canonical_decomp']); + $str = utf_normalizer::decompose($str, $pos, $len, $GLOBALS['utf_canonical_decomp']); } /** * Validate and normalize a UTF string to NFKD * - * @param string $str Unchecked UTF string + * @param string &$str Unchecked UTF string * @return string The string, validated and in normal form */ - function nfkd($str) + function nfkd(&$str) { $pos = strspn($str, UTF8_ASCII_RANGE); $len = strlen($str); @@ -199,7 +198,7 @@ class utf_normalizer if ($pos == $len) { // ASCII strings return immediately - return $str; + return; } if (!isset($GLOBALS['utf_compatibility_decomp'])) @@ -208,19 +207,19 @@ class utf_normalizer include($phpbb_root_path . 'includes/utf/data/utf_compatibility_decomp.' . $phpEx); } - return utf_normalizer::decompose($str, $pos, $len, $GLOBALS['utf_compatibility_decomp']); + $str = utf_normalizer::decompose($str, $pos, $len, $GLOBALS['utf_compatibility_decomp']); } /** * Recompose a UTF string * - * @param string $str Unchecked UTF string - * @param integer $pos Position of the first UTF char (in bytes) - * @param integer $len Length of the string (in bytes) - * @param array $qc Quick-check array, passed by reference but never modified - * @param array $decomp_map Decomposition mapping, passed by reference but never modified - * @return string The string, validated and recomposed + * @param string $str Unchecked UTF string + * @param integer $pos Position of the first UTF char (in bytes) + * @param integer $len Length of the string (in bytes) + * @param array &$qc Quick-check array, passed by reference but never modified + * @param array &$decomp_map Decomposition mapping, passed by reference but never modified + * @return string The string, validated and recomposed * * @access private */ @@ -239,14 +238,7 @@ class utf_normalizer $tmp = ''; $i = $tmp_pos = $last_cc = 0; - if ($pos) - { - $buffer = array(++$i => $str[$pos - 1]); - } - else - { - $buffer = array(); - } + $buffer = ($pos) ? array(++$i => $str[$pos - 1]) : array(); // UTF char length array // This array is used to determine the length of a UTF character. @@ -327,16 +319,11 @@ class utf_normalizer // has been encoded in a five- or six- byte sequence if ($utf_char[0] >= "\xF8") { - if ($utf_char[0] < "\xF8") - { - $trailing_bytes = 3; - } - else if ($utf_char[0] < "\xFC") + if ($utf_char[0] < "\xFC") { $trailing_bytes = 4; } - - if ($utf_char[0] > "\xFD") + else if ($utf_char[0] > "\xFD") { $trailing_bytes = 0; } @@ -923,17 +910,17 @@ class utf_normalizer /** * Decompose a UTF string * - * @param string $str UTF string - * @param integer $pos Position of the first UTF char (in bytes) - * @param integer $len Length of the string (in bytes) - * @param array $decomp_map Decomposition mapping, passed by reference but never modified - * @return string The string, decomposed and sorted canonically + * @param string $str UTF string + * @param integer $pos Position of the first UTF char (in bytes) + * @param integer $len Length of the string (in bytes) + * @param array &$decomp_map Decomposition mapping, passed by reference but never modified + * @return string The string, decomposed and sorted canonically * * @access private */ function decompose($str, $pos, $len, &$decomp_map) { - global $utf_combining_class, $utf_canonical_decomp, $phpbb_root_path; + global $utf_combining_class, $phpbb_root_path; // Load some commonly-used tables if (!isset($utf_combining_class)) @@ -1011,7 +998,7 @@ class utf_normalizer ksort($utf_sort); } - foreach($utf_sort as $utf_chars) + foreach ($utf_sort as $utf_chars) { $tmp .= implode('', $utf_chars); } @@ -1365,17 +1352,17 @@ class utf_normalizer // LIndex can only range from 0 to 18, therefore it cannot influence the first two bytes of the L Jamo, which allows us to hardcode them (based on LBase). // // The same goes for VIndex, but for TIndex there's a catch: the value of the third byte could exceed 0xBF and we would have to increment the second byte - if ($tIndex = $idx % UNICODE_HANGUL_TCOUNT) + if ($t_index = $idx % UNICODE_HANGUL_TCOUNT) { - if ($tIndex < 25) + if ($t_index < 25) { $utf_char = "\xE1\x84\x00\xE1\x85\x00\xE1\x86\x00"; - $utf_char[8] = chr(0xA7 + $tIndex); + $utf_char[8] = chr(0xA7 + $t_index); } else { $utf_char = "\xE1\x84\x00\xE1\x85\x00\xE1\x87\x00"; - $utf_char[8] = chr(0x67 + $tIndex); + $utf_char[8] = chr(0x67 + $t_index); } } else @@ -1478,7 +1465,6 @@ class utf_normalizer } return $tmp; - } else if ($tmp_pos) { diff --git a/phpBB/includes/utf/utf_tools.php b/phpBB/includes/utf/utf_tools.php index b91fd51c20..4c6c26909a 100644 --- a/phpBB/includes/utf/utf_tools.php +++ b/phpBB/includes/utf/utf_tools.php @@ -7,9 +7,8 @@ * @license http://opensource.org/licenses/gpl-license.php GNU Public License * * @todo make sure the replacements are called correctly -* already done: strtolower, strtoupper, ucfirst, str_split, strrpos, strlen (hopefully!), strpos, substr -* remaining: clean_username, htmlentities (no longer needed for internal data?), htmlspecialchars (using charset) -* strspn, chr, ord +* already done: strtolower, strtoupper, ucfirst, str_split, strrpos, strlen (hopefully!), strpos, substr, htmlspecialchars +* remaining: strspn, chr, ord */ /** @@ -63,7 +62,7 @@ if (!extension_loaded('xml')) /** * Implementation of PHP's native utf8_decode for people without XML support * - * @param string $string UTF-8 encoded data + * @param string $str UTF-8 encoded data * @return string ISO-8859-1 encoded data */ function utf8_decode($str) @@ -126,7 +125,14 @@ if (extension_loaded('mbstring')) return false; } - return mb_strrpos($str, $search); + if (is_null($offset)) + { + return mb_strrpos($str, $needle); + } + else + { + return mb_strrpos($str, $needle, $offset); + } } } else @@ -138,7 +144,7 @@ if (extension_loaded('mbstring')) function utf8_strrpos($str, $needle, $offset = null) { // offset for mb_strrpos was added in 5.2.0 - if ($offset === false) + if (is_null($offset)) { // Emulate behaviour of strrpos rather than raising warning if (empty($str)) @@ -146,7 +152,7 @@ if (extension_loaded('mbstring')) return false; } - return mb_strrpos($str, $search); + return mb_strrpos($str, $needle); } else { @@ -158,7 +164,7 @@ if (extension_loaded('mbstring')) $str = mb_substr($str, $offset); - if (false !== ($pos = mb_strrpos($str, $search))) + if (false !== ($pos = mb_strrpos($str, $needle))) { return $pos + $offset; } @@ -174,7 +180,7 @@ if (extension_loaded('mbstring')) */ function utf8_strpos($str, $needle, $offset = null) { - if ($offset === false) + if (is_null($offset)) { return mb_strpos($str, $needle); } @@ -206,9 +212,9 @@ if (extension_loaded('mbstring')) * UTF-8 aware alternative to substr * @ignore */ - function utf8_substr($str, $offset, $length = null) + function utf8_substr($str, $offset, $length = null) { - if ($length === false) + if (is_null($length)) { return mb_substr($str, $offset); } @@ -234,9 +240,9 @@ else * Find position of last occurrence of a char in a string * * @author Harry Fuecks - * @param string haystack - * @param string needle - * @param integer (optional) offset (from left) + * @param string $str haystack + * @param string $needle needle + * @param integer $offset (optional) offset (from left) * @return mixed integer position or FALSE on failure */ function utf8_strrpos($str, $needle, $offset = null) @@ -279,9 +285,9 @@ else * Find position of first occurrence of a string * * @author Harry Fuecks - * @param string haystack - * @param string needle - * @param integer offset in characters (from left) + * @param string $str haystack + * @param string $needle needle + * @param integer $offset offset in characters (from left) * @return mixed integer position or FALSE on failure */ function utf8_strpos($str, $needle, $offset = null) @@ -482,9 +488,9 @@ else * necessary. It isn't necessary for +ve offsets and no specified length * * @author Chris Smith<chris@jalakai.co.uk> - * @param string - * @param integer number of UTF-8 characters offset (from left) - * @param integer (optional) length in UTF-8 characters from offset + * @param string $str + * @param integer $offset number of UTF-8 characters offset (from left) + * @param integer $length (optional) length in UTF-8 characters from offset * @return mixed string or FALSE if failure */ function utf8_substr($str, $offset, $length = NULL) @@ -624,8 +630,8 @@ else * Convert a string to an array * * @author Harry Fuecks -* @param string UTF-8 encoded -* @param int number to characters to split string by +* @param string $str UTF-8 encoded +* @param int $split_len number to characters to split string by * @return string characters in string reverses */ function utf8_str_split($str, $split_len = 1) @@ -650,8 +656,6 @@ function utf8_str_split($str, $split_len = 1) * Find length of initial segment not matching mask * * @author Harry Fuecks -* @param string -* @return int */ function utf8_strspn($str, $mask, $start = null, $length = null) { @@ -831,8 +835,8 @@ function utf8_ord($chr) /** * Converts an NCR to a UTF-8 char * -* @param integer $cp UNICODE code point -* @return string UTF-8 char +* @param int $cp UNICODE code point +* @return string UTF-8 char */ function utf8_chr($cp) { @@ -858,9 +862,8 @@ function utf8_chr($cp) * Convert Numeric Character References to UTF-8 chars * * Notes: -* - we do not convert NCRs recursively, if you pass &#38; it will return & -* - we DO NOT check for the existence of the Unicode characters, therefore an entity -* may be converted to an inexistent codepoint +* - we do not convert NCRs recursively, if you pass &#38; it will return & +* - we DO NOT check for the existence of the Unicode characters, therefore an entity may be converted to an inexistent codepoint * * @param string $text String to convert, encoded in UTF-8 (no normal form required) * @return string UTF-8 string where NCRs have been replaced with the actual chars @@ -890,9 +893,9 @@ function utf8_decode_ncr_callback($m) * Takes an array of ints representing the Unicode characters and returns * a UTF-8 string. * -* @param string $text text to be case folded -* @param string $option determines how we will fold the cases -* @return string case folded text +* @param string $text text to be case folded +* @param string $option determines how we will fold the cases +* @return string case folded text */ function utf8_case_fold($text, $option = 'full') { @@ -933,30 +936,35 @@ function utf8_case_fold($text, $option = 'full') * A wrapper function for the normalizer which takes care of including the class if required and modifies the passed strings * to be in NFC (Normalization Form Composition). * -* @param mixed $strings Either an array of references to strings, a reference to an array of strings or a reference to a single string +* @param mixed $strings a string or an array of strings to normalize +* @return mixed the normalized content, preserving array keys if array given. */ function utf8_normalize_nfc($strings) { - if (!is_array($strings) || (sizeof($strings) > 0)) - { - if (!class_exists('utf_normalizer')) - { - global $phpbb_root_path, $phpEx; - include($phpbb_root_path . 'includes/utf/utf_normalizer.' . $phpEx); - } + if (empty($strings)) + { + return $strings; + } - if (is_array($strings)) - { - foreach ($strings as $key => $string) - { - $strings[$key] = utf_normalizer::nfc($strings[$key]); - } - } - else + if (!class_exists('utf_normalizer')) + { + global $phpbb_root_path, $phpEx; + include($phpbb_root_path . 'includes/utf/utf_normalizer.' . $phpEx); + } + + if (!is_array($strings)) + { + utf_normalizer::nfc($strings); + } + else if (is_array($strings)) + { + foreach ($strings as $key => $string) { - $strings = utf_normalizer::nfc($strings); + utf_normalizer::nfc($strings[$key]); } } + + return $strings; } /** @@ -969,8 +977,8 @@ function utf8_normalize_nfc($strings) * functions used here you need to rebuild/update the username_clean column in the users table. And all other * columns that store a clean string otherwise you will break this functionality. * -* @param $text An unclean string, mabye user input (has to be valid UTF-8!) -* @return Cleaned up version of the input string +* @param string $text An unclean string, mabye user input (has to be valid UTF-8!) +* @return string Cleaned up version of the input string */ function utf8_clean_string($text) { @@ -982,7 +990,7 @@ function utf8_clean_string($text) include($phpbb_root_path . 'includes/utf/utf_normalizer.' . $phpEx); } - $text = utf_normalizer::nfc($text); + utf_normalizer::nfc($text); static $homographs = array( // cyrllic |